@alli_s21: #fpy_tiktok #fpy_tiktok

علي شراحيلي 🎙️
علي شراحيلي 🎙️
Open In TikTok:
Region: SA
Tuesday 30 June 2026 16:04:35 GMT
120942
1753
207
4069

Music

Download

Comments

iih_ss
.S :
2026-06-30 22:37:40
130
ar48322
بُـن لتغطيات جدة 🇸🇦 :
قال ع اليمين وش ذنب اللي ع اليسار الحين
2026-06-30 22:36:03
9
aboshm011
قرنبيط الصائم 🌙 :
رونالدينو بعد الاعتزال نسخة البلاك:
2026-07-01 00:40:19
0
cool33189
My :
الي على اليسار وهو يشوف الي على اليمين
2026-06-30 23:47:34
3
_reem333
☕ :
هههههههههههههههههههههههههههههههههههههههههههههههههه
2026-06-30 23:06:18
3
To see more videos from user @alli_s21, please go to the Tikwm homepage.

Other Videos

The
The "Atomic Arch" supply chain attack on June 12, 2026, is one of the most aggressive hits against the Arch User Repository (AUR) in history. Security researchers tracked the compromise as it climbed to affect hundreds of community-maintained software projects. The attackers didn't exploit a software flaw; they weaponized the repository's trust model. The threat actors scanned the AUR for orphaned packages—legitimate tools whose original maintainers had stepped away, but remained actively used by Linux users. Because the AUR allows anyone to adopt orphaned projects to keep them alive, the attackers mass-adopted hundreds of packages in a tight window. They spoofed Git commit metadata to make updates look like they were pushed by reputable maintainers, bypassing basic human review. The attackers didn't touch the upstream software code. Instead, they edited the build instructions (PKGBUILD scripts and post-install hooks). When a user or a CI/CD pipeline built the update, the modified script silently pulled down malicious Node (npm) or Bun packages (like atomic-lockfile, js-digest, and lockfile-js). Because AUR helpers often require root privileges to deploy software, these packages seamlessly executed an embedded Linux binary called deps. The binary targeted developers, cloud architects, and system administrators to harvest credentials needed to breach corporate ecosystems. First, it stole browser cookie databases to extract active session tokens, allowing attackers to bypass Multi-Factor Authentication (MFA) on platforms like Slack, Discord, Microsoft Teams, and Telegram. Second, it scraped local files for GitHub/GitLab access tokens, HashiCorp Vault secrets, AWS/GCP cloud identities, and npm registry keys. Third, it copied local SSH private keys used to manage remote production servers. Stolen files were bundled and exfiltrated over HTTP to public file-sharing services, while Command and Control traffic was routed via Tor to hide the attackers' location. On systems where the package was installed using root privileges, the malware deployed an eBPF (Extended Berkeley Packet Filter) rootkit. By injecting code directly into the Linux kernel space, the rootkit intercepted system calls to dynamically hide its own files, network traffic, and active processes. If an administrator opens monitoring tools like ps, top, or htop, the operating system completely omits the malware from the screen. By the evening of June 12th, the Arch Linux maintainers stepped in with emergency protocols, temporarily freezing new AUR account creation and package adoptions to stop the bleeding. The Arch team is actively scrubbing the repository and reverting malicious commits. Because the full list of infected packages is still being indexed, the official advice remains: if you updated any AUR software on or after June 11, treat the host machine as fully compromised, reinstall the OS from a clean ISO, and rotate all personal and corporate credentials. #linux #arch #cybersecurity #kernelmaxxing

About