Tuesday, November 25, 2025

npm registry including Postman package infected with Shai-Hulud supply-chain attack

 

The name npm (Node Package Manager) dates from when npm was first created as a package manager for Node.js.



npm is the world's largest open-source software registry. The registry contains over 800,000 code packages.

Young developers just include open-source packages without doing any sort of security review, hence these kinds of attacks spread exponentially.

The Shai-Hulud malware is a self-replicating worm that targets the npm ecosystem, compromising hundreds of packages and exposing sensitive developer credentials.

At the time of writing, 27,000 malicious packages were infected, including Postman.

The Postman package is a JavaScript library for a simple message bus; at the time of writing it has about ~750 downloads a week.

Source: Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub (bleepingcomputer.com)



Monday, November 24, 2025

Social media usage across American generations, and top spot is not TikTok


It's that time of the year again, and end-of-year stats are beginning to roll in. Perhaps this is one of the most important.

Chart of current social media usage among American adults, by Pew Research Center, for 2025.

The Pew Research Center is widely cited in academia, journalism, and policymaking because of its commitment to neutrality and methodological rigor. Unlike advocacy organizations, Pew’s role is to inform rather than persuade, making it a trusted source for understanding public opinion and societal trends.

Source Article: Americans’ Social Media Use 2025 | Pew Research Center


































# | Generation Name | Birth Years | Defining Notes
1 | Lost Generation | 1883 – 1900 | WWI era, Jazz Age writers
2 | Greatest Generation | 1901 – 1927 | Great Depression resilience, WWII service
3 | Silent Generation | 1928 – 1945 | Post-war boom, early Civil Rights movement
4 | Baby Boomers | 1946 – 1964 | Suburban expansion, Moon landing, Woodstock
5 | Generation X | 1965 – 1980 | Personal computers, MTV culture, “latch‑key” kids
6 | Millennials (Gen Y) | 1981 – 1996 | Internet adolescence, 9/11, social media rise
7 | Generation Z | 1997 – 2012 | Smartphones, streaming, climate activism
8 | Generation Alpha | 2013 – 2025 | Born into AI, tablets, global connectivity
9 | Generation Beta | 2026 – 2039 (projected) | Deep AI integration, climate adaptation















Sunday, November 23, 2025

You have been automatically OPTED IN to allow Gmail to access all your private messages & attachments to train AI models



For the record, 


“IMPORTANT message for everyone using Gmail. You have been automatically OPTED IN to allow Gmail to access all your private messages & attachments to train AI models,” Engineer Dave Jones shared on X on Nov 19, 2025.


However, Google refutes this, stating "Enabling the feature in Workspace says that “you agree to let Google Workspace use your Workspace content and activity to personalize your experience across Workspace,” according to the settings page, but according to Google, that does not mean handing over the content of your emails to use for AI training."

Google denies ‘misleading’ reports of Gmail using your emails to train AI | The Verge


“You have to manually turn off Smart Features in the Setting menu in TWO locations.”
Engineer Dave Jones shared on X on Nov 19, 2025.




Manage Workspace smart feature settings opens this page



and Learn more about these smart features opens this help page 



















Friday, November 21, 2025

Last final working version of GIMP compatible with Windows 7



Can confirm v2.10.38 works on Windows 7 still, even though the download page says Win10 support only, see last image below.


Download GIMP v2.10.38 here - Index of /gimp/v2.10/windows/


Version 2.10.36 lists Windows 7+ as supported.


Version 2.10.38 lists only Windows 10+ as supported.




Thursday, November 20, 2025

7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001) with proof-of-concept (PoC) code


7-Zip is third-party, EU FOSS-approved software used to encrypt/decrypt many file formats, including .zip, .tar, .gz, .rar and the proprietary .7z format.

The vulnerability in question is CVE-2025-11001 (CVSS score: 7.0, October 7th, 2025), which allows remote attackers to execute arbitrary code using symbolic links. 


Symlinks in Windows 10! - An excellent article that demonstrates how a symbolic link can run an executable.

Also fixed was CVE-2025-11002 (CVSS score: 7.0), which allows remote code execution by taking advantage of improper handling of symbolic links within ZIP archives, resulting in directory traversal. Both shortcomings were introduced in version 21.02.


How to Fix

Fixed in 7-Zip version 25.01 (25.00 has been removed from download page) 

Upgrade your 7-Zip now - Download (7-zip.org) - Confirmed working on Windows 7.


POC Code
pacbypass/CVE-2025-11001: Exploit for CVE-2025-11001 or CVE-2025-11002 (github.com)

Wednesday, November 19, 2025

Looking for RichCopy with an active download link - Update Nov 2025


This post explores consolidating (merging) multiple files from multiple locations into 1 (one) directory, and consolidating repeated files into 1 file, using RichCopy, a free, easy-to-use utility from Microsoft.


Basically, the RichCopy GUI tool has some of the advanced functionality found in Robocopy. Robocopy is short for robust copy and is a built-in Windows utility that provides robust file copying, such as copying files without permissions. Read my post for more info.

First you need to get a copy of RichCopy, as described in this TechNet Magazine article, Utility Spotlight: RichCopy, by J. Hoffman.



RichCopy 4.0.217.0 is in the file HoffmanUtilitySpotlight2009_04.exe (5,896 KB), named after J. Hoffman, the author. Download it and run setup.exe.

Update 2025: Download RichCopy 4.0.217 - FileCroco.com - HoffmanUtilitySpotlight2009_04.exe has its Microsoft signature intact.

Why RichCopy vs Robocopy?

1. Ease of Use: RichCopy's GUI makes it easier for users who are not comfortable with command-line interfaces, while Robocopy requires familiarity with command-line syntax, which can have a steeper learning curve.

2. Performance: RichCopy's multithreading can lead to faster transfers in certain scenarios, but Robocopy's robust error handling and logging make it more reliable for critical file operations. 

3.  Functionality: Robocopy offers more advanced features for automation and scripting, making it suitable for IT professionals and system administrators who need to perform complex file operations regularly.


Image 1: RichCopy GUI


A brief background on Robocopy


Robocopy enables the more serious file replication tasks that can really simplify your job. The biggest benefit I think you'll find is the ability to create full mirror duplicates of two file structures (including all sub-directories and files, if you choose) without copying any unnecessary files. Only the files that are new or have been updated in the source location will be copied. Robocopy also allows you to preserve all of the associated file information, including date and time stamps, security access control lists (ACLs) and more.

Robocopy is built into Windows 7, Windows 8+, Windows 10+, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2016+

In this case, we're discussing the simplest of tasks: copying files. Except copying files is not always that simple. 
  • What if you're copying thousands of files across a slow connection? 
  • What happens if your network hiccups and interrupts the copy? 
  • What if you want to make sure that you preserve particular file attributes, such as a Last Modified date, but not other attributes, like security descriptors? 
  • What if you want to filter the files you're copying from source to destination based on filename or extension?
  • Copy files without permissions and file information
  • Copy files longer than 260 characters 
  • Actively supported

Consolidate Repeated Files

RichCopy version 4.0 supports specifying multiple source directories. The default behavior is to create directories with the same name as the source and make a copy. When this option is selected, RichCopy copies all source files and directories into the specified destination directory without creating directories with the same name as the source.











Also, if you have File A in Directory 1 and File A in Directory 2, the File A with the latest date will be copied into the destination directory. This behaviour can be altered using the "Copy always (do not compare source and destination)" option, see Image 2.

Never have repeated files again, especially when syncing to the cloud.


Consolidate Files Using RichCopy

Step 1 Choose multiple source directories and the destination (consolidated) directory.

NOTE: When this completes, "Copy complete" only mentions the last path of Source Path.

Image 1: RichCopy GUI

Step 2 Choose the Option button and select "Consolidate multiple sources".

Image 2: RichCopy Options interface






























Step 3 Wait until "Copy Complete" appears in Description, as in Image 1. "Copy complete" only mentions the last path of Source Path. This behaviour can be altered using the "Copy always (do not compare source and destination)" option.

Step 4 Done.

Consolidate Multiple Source Results

Here's proof of the process when using the "Consolidate multiple sources" option.
Our two source directories are c:\temp and c:\backup, and they contain the same files, NameLengths.txt and PathLengths.txt.

Image 3 : Temp source Directory 













Note that the NameLength.txt time-stamp in the Backup directory (Image 4) is newer than in the temp directory (Image 3 above).


Image 4 : Backup source directory


















The resultant consolidated directory contains only 1 copy of all the repeated files. Duplicate files are resolved using the most recent time-stamp. This behaviour can be altered using the "Copy always (do not compare source and destination)" option.

NameLength.txt's time-stamp in the Backup directory (Image 4) is newer than in the temp directory (Image 3 above), so that copy ends up in the output consolidate_test directory.

Image 5 : Consolidate directory and files


There you go, a great way to consolidate your mess of duplicate files.  

Fix Path Too Long Error and Consolidation

RichCopy will bomb on path too long errors. It's a problem for many tools.

I built a specialized tool to solve the path too long issue completely. The Path Too Long Auto Fixer tool is the 1st tool on the market to find all directories and filenames that are too long and auto-correct them!

Download free demo at https://pathtoolongautofixer.blogspot.com

Preview




Tuesday, November 18, 2025

Windows 10 - Upgrading to latest version of Curl for Developers



Windows 10 comes with its own curl, but it seems to be behind on curl updates. So I wanted to manually update curl to the latest version, which is curl 8.17.0 at the time of writing.




 Get latest curl for Windows



First, delete curl.exe in C:\windows\system32 and C:\Windows\SysWOW64; these were stuck at version 7.52.0. You'll need to take ownership of the files with your username.

Then find which curl.exe is used by default on the cmd.exe command line.

Execute where curl.exe














So, we see Chocolatey is now the source of the curl.exe command; it's 1st in the resulting list.

Upgrade Chocolatey and curl using the following commands:
   
choco upgrade chocolatey
choco upgrade curl

Upgrade completed with proper shims.

If you don't have Chocolatey, you can manually copy these files from the /bin folder of the curl 8.17.0 zip:

curl-ca-bundle.crt
curl.exe
libcurl-x64.def
libcurl-x64.dll
trurl.exe

to the next directory in the list.

And now curl is upgraded in cmd.exe when you launch it.

   
C:\Users\Markus>curl -V
curl 8.17.0 (x86_64-w64-mingw32) libcurl/8.17.0 LibreSSL/4.2.1 zlib/1.3.1.zlib-ng brotli/1.2.0 zstd/1.5.7 WinIDN libpsl/0.21.5 libssh2/1.11.1 nghttp2/1.68.0 ngtcp2/1.17.0 nghttp3/1.12.0
Release-Date: 2025-11-05
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS brotli CAcert HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM PSL SPNEGO SSL SSLS-EXPORT SSPI threadsafe UnixSockets zstd

And don't forget to rock. 




Sunday, November 16, 2025

How to read/view a damaged/corrupt PDF file


Sometimes PDF files can get scrambled and you are stuck, unable to open a PDF file. Most PDF software cannot open the test file below. Adobe Acrobat Reader shows a pop-up saying the file could not be opened because it is either not a supported file type or the file has been damaged.




Solution: 



Get XpdfReader, PDF software that can open PDF files with limited malformations!

Also, XpdfReader does not implement the Adobe JavaScript engine required for interactive features like calculations, validations, or dynamic field updates, making it a safer option.


For more information about internal structure of PDFs




Test 1:

In the following sample file, the file starts with the malformed PDF file signature %P!F-, which is incorrect and should be %PDF-, as seen in the FRHED editor.

XpdfReader is the only app I came across that could open this file with this first malformed change.

Test 2: 
 
Then I removed the leading angle bracket < where there should be two for <</Linearized, and it opened!

Source

The original unadulterated file header is

%PDF-1.5%<bh:e2><bh:e3><bh:cf><bh:d3>10 0 obj<</Linearized 1/L 105981/O 12/E 101484/N 1/T 105677/H [ 502 173]>>endobj

Opened Malformed File
























































For more information about internal structure of PDFs

Example of the absolute minimal PDF file contents, "Hello World", copied and pasted into FRHED.

%PDF-1.1
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] /Contents 4 0 R /Resources << /Font << /F1 5 0 R >> >> >>
endobj
4 0 obj
<< /Length 44 >>
stream
BT
/F1 12 Tf
72 100 Td
(Hello World) Tj
ET
endstream
endobj
5 0 obj
<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica >>
endobj
xref
0 6
0000000000 65535 f 
0000000009 00000 n 
0000000056 00000 n 
0000000107 00000 n 
0000000212 00000 n 
0000000310 00000 n 
trailer
<< /Size 6 /Root 1 0 R >>
startxref
380
%%EOF


Here's Hello World.pdf opened in XpdfReader 4.06


Friday, November 14, 2025

Trouble reading PDF file? Solution to reading malformed damaged PDF files


Sometimes PDF files can get scrambled and you are stuck, unable to open a PDF file. Most PDF software cannot open the test file below. Adobe Acrobat Reader shows a pop-up saying the file could not be opened because it is either not a supported file type or the file has been damaged.




Solution: 



Get XpdfReader, PDF software that can open PDF files with minor malformations!

Also, XpdfReader does not implement the Adobe JavaScript engine required for interactive features like calculations, validations, or dynamic field updates, making it a safer option.

Note: The #1 way to spread malware is PDF files that contain JavaScript that executes when the file is opened. For the dangers, see my extensive post on this: Locking down Adobe Reader to prevent PDF vulnerabilities, as much as possible.


For more information about internal structure of PDFs

3. Great tool to analyze PDFs - PDF Stream Dumper (sandsprite.com)


Test 1:

In the following sample file, the file starts with the malformed PDF file signature %P!F-, which is incorrect and should be %PDF-, as seen in the FRHED editor.

XpdfReader is the only app I came across that could open this file with this first malformed change.

Test 2: 
 
Then I removed the leading angle bracket < where there should be two for <</Linearized, and it opened!

Source

The original unadulterated file header is

%PDF-1.5%<bh:e2><bh:e3><bh:cf><bh:d3>10 0 obj<</Linearized 1/L 105981/O 12/E 101484/N 1/T 105677/H [ 502 173]>>endobj

Opened Malformed File
























































For more information about internal structure of PDFs

Example of the absolute minimal PDF file contents, "Hello World", copied and pasted into FRHED.

%PDF-1.1
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] /Contents 4 0 R /Resources << /Font << /F1 5 0 R >> >> >>
endobj
4 0 obj
<< /Length 44 >>
stream
BT
/F1 12 Tf
72 100 Td
(Hello World) Tj
ET
endstream
endobj
5 0 obj
<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica >>
endobj
xref
0 6
0000000000 65535 f 
0000000009 00000 n 
0000000056 00000 n 
0000000107 00000 n 
0000000212 00000 n 
0000000310 00000 n 
trailer
<< /Size 6 /Root 1 0 R >>
startxref
380
%%EOF


Here's Hello World.pdf opened in XpdfReader 4.06
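The two kinds of damage from Test 1 and Test 2 in both PDF posts above, checked in code as an added example (not from the original posts or from XpdfReader): a triage function that validates the %PDF- signature, the startxref pointer and every xref offset. The sample file is constructed from the "Hello World" objects with offsets computed by the script; build_pdf and triage_pdf are names chosen for this illustration.

```python
import re

# Constructed sample: the "Hello World" objects from the post, /Length set for LF line ends.
OBJECTS = [
    b"<< /Type /Catalog /Pages 2 0 R >>",
    b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
    b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] /Contents 4 0 R"
    b" /Resources << /Font << /F1 5 0 R >> >> >>",
    b"<< /Length 42 >>\nstream\nBT\n/F1 12 Tf\n72 100 Td\n(Hello World) Tj\nET\nendstream",
    b"<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica >>",
]


def build_pdf(objects=OBJECTS):
    """Assemble a PDF and write a classic xref table with byte-accurate offsets."""
    out, offsets = bytearray(b"%PDF-1.1\n"), []
    for num, body in enumerate(objects, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n%s\nendobj\n" % (num, body)
    xref_at, size = len(out), len(objects) + 1
    out += b"xref\n0 %d\n0000000000 65535 f \n" % size
    out += b"".join(b"%010d 00000 n \n" % off for off in offsets)
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (size, xref_at)
    return bytes(out)


def triage_pdf(data):
    """List structural problems: bad signature, stale startxref, stale xref offsets."""
    problems = []
    if not re.match(rb"%PDF-\d\.\d", data):
        problems.append(f"bad signature {data[:5]!r}")
    m = re.search(rb"startxref\s+(\d+)\s+%%EOF", data)
    xref_at = int(m.group(1)) if m else -1
    if xref_at < 0 or not data.startswith(b"xref", xref_at):
        problems.append("startxref does not point at an xref table")
        xref_at = data.rfind(b"\nxref") + 1  # fall back to searching for the table
    head = re.match(rb"xref\s+(\d+) (\d+)\r?\n", data[xref_at:])
    if not head:
        return problems + ["no xref table found"]
    first, count = int(head.group(1)), int(head.group(2))
    for i in range(count):
        entry = data[xref_at + head.end() + 20 * i:][:20]  # entries are a fixed 20 bytes
        off, gen, kind = int(entry[:10]), int(entry[11:16]), entry[17:18]
        if kind == b"n" and not data.startswith(b"%d %d obj" % (first + i, gen), off):
            problems.append(f"object {first + i}: xref offset {off} is stale")
    return problems
```

Overwriting the signature keeps every byte offset intact, so only the header check fires; deleting a single byte shifts everything after it, which is why a one-character edit can invalidate the whole cross-reference table.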