kottke.org

Jason Kottke's weblog, home of fine hypertext products

Paintings of an Architectural Apocalypse

I (weirdly?) love Amy Casey’s paintings of buildings in peril — being swallowed by the sea, being flung into the sky by wind.

There’s an element of the Kowloon Walled City to Casey’s work, as well as Cloudy With a Chance of Meatballs (specifically the tomato tornado). (via colossal)

Tags: Amy Casey · architecture · art

Hooray, the Netherlands is Europe's cocaine champion again

Good news for all the people who, after a few beers, at some point go to the toilet and then come back and suddenly start talking nineteen to the dozen about various subjects including themselves, themselves and themselves, while no longer able to formulate a single question or follow-up question, all interest chemically replaced by ego, have I told you about my relationship with my father, what I found so hard during my student days, what I'm very good at, what kind of work I do, how I see politics, what turns me on, me-me-me-me. They live in a country where they can easily order more. Nowhere in Europe is as much "gnome mail" packaged and cut as in the Netherlands, according to the annual European Drug Report. Anyway, we top this kind of list quite often; someone should do something about it sometime.

Rijnmond - News

The latest news of today about Rotterdam, Feyenoord, traffic and the weather in the Rijnmond region

Jan Boskamp tips top coaches for Feyenoord: 'In Belgium there are only two available coaches'

Jan Boskamp understands that Feyenoord has parted ways with Robin van Persie. The former footballer and analyst was surprised by the timing, but finds it logical that the new leadership is charting its own course. On the radio programme R-Uit! he names two Belgian coaches who he thinks could be interesting for Feyenoord.

The Guardian

Latest news, sport, business, comment, analysis and reviews from the Guardian, the world's leading liberal voice

Atlético Madrid reject £129m bid from Real Madrid for Julián Alvarez

  • Real Madrid reveal they have made offer for Argentinian

  • Arbeloa departs club, paving way for Mourinho return

Real Madrid have revealed they have had a €150m (£129.4m) bid for Julián Alvarez rejected by city rivals Atlético Madrid. The Argentina striker has scored 49 goals in 106 appearances for Atlético since joining from Manchester City in 2024.

The 26-year-old, whose contract runs until 2030, reportedly wants to leave and has been linked with Arsenal and Barcelona. Florentino Pérez vowed before his reelection as Real’s president to submit a club-record offer for an unnamed “great player”.


VK: Front Page

Volkskrant.nl offers the latest news, opinion and background

New Bulgarian government shows its colours and stops arms deliveries to Ukraine

Our foresight does not even reach the other side of the bridge

Six young people suspected of synagogue attack with terrorist intent

The West must now continue to support Armenia in the country's economic and political development

The Register

Biting the hand that feeds IT — Enterprise Technology News and Analysis

Miasma worms its way onto GitHub as attack kit goes open source

As if the Miasma situation weren't bad enough, now this weapon is spreading like wildfire. Someone open sourced the entire Miasma worm supply-chain attack toolkit, likely using previously compromised developers' accounts to publish GitHub repositories containing the self-spreading malware’s source code over the last 24 hours.

SafeDep, a company focused on open source supply chain security that developed Package Management Guard (PMG), spotted the malicious repos, named “Miasma-Open-Source-Release,” and said that they started appearing on Monday. Its researchers analyzed one of these before GitHub nixed it, and described the code as more than just a supply chain worm.

“It is a full supply chain attack toolkit that allows the operator to execute various attacks via stolen credentials against arbitrary or targeted packages on public registries (PyPI, npm, RubyGems), JFrog Artifactory, GitHub repositories and GitHub Actions, AI coding tools config poisoning, SSH based lateral movement and other attack vectors,” the SafeDep team said.

While we don’t know who is behind this publicly released worm, it follows in the footsteps of TeamPCP, which developed and then open sourced the mini Shai-Hulud worm last month, announcing a supply-chain attack contest on BreachForums and spawning copycat open source package poisonings. One of these copycat worms, Miasma, first hit upwards of 100 Red Hat and Microsoft open source projects before spreading to other victims, with app-security firm Socket tracking 473 affected package artifacts as of Tuesday.

“The Miasma repository is an evolution of the Mini Shai-Hulud toolkit, and was open-sourced June 8 via four previously compromised users,” Rami McCarthy, principal threat researcher at Wiz, told The Register. “Since we had already reversed the payload, this public release isn’t particularly useful for sophisticated defenders, and we haven't observed any opportunistic adoption of it yet.”

This, he added, mimics what happened when TeamPCP open sourced mini Shai-Hulud last month. “We didn't see attackers weaponize it either,” McCarthy said. “It's not clear [whether] attackers benefit from adopting this out-of-the-box toolkit versus vibe coding their own. And while it raises concerns about muddying attribution, attackers tend to continue developing their private fork of the malware, providing a clear payload progression to track and deconflict from anyone utilizing the open-source version.”

An interesting aspect of both of these worms and other recent attacks like this one dubbed “Comment-and-Control” by AI bug hunter Aonan Guan is that they run entirely in GitHub - they don’t require any custom command-and-control (C2) infrastructure - and use the code-hosting platform for all stages of the attack including remote command execution, configuration, and data exfiltration.

“This is a key behavioural shift because traditional network based detection and protection tools rely on baselining and anomaly detection,” SafeDep researchers noted. “Defenders now have to operate closer to application protocol to identify behavioural anomaly instead of network based anomalies.”

The Miasma worm uses three independent GitHub commit search channels for C2, and each has a different search string and purpose. One of these, "DontRevokeOrItGoesBoom," discovers attacker-controlled personal access tokens (PATs) to exfiltrate credentials and other sensitive data. These PATs are AES-256-CBC encrypted in the commit message. The second, "TheBeautifulSandsOfTime," delivers JavaScript for immediate command execution. It’s checked once at startup, and, after validation, it passes the payload to eval() to execute at runtime. Finally, “firedalazer” delivers Python script URLs for the persistent monitor.

All three are unauthenticated by default, use GitHub’s public commit search API, and use a different validation or decryption key, which means compromising one doesn’t automatically compromise the other two.®

Tokyo Nights: Neon Pulse of Shinjuku

T.Marko has added a photo to the pool:


A vibrant nighttime scene in the heart of Tokyo, where endless neon signs illuminate the streets of Shinjuku. The blend of glowing storefronts, moving traffic, and urban energy captures the unique atmosphere of one of the world's most iconic entertainment districts. A glimpse into the city that never seems to sleep.