Friday, November 28, 2025

dotNET Conference 2025 Top Videos Playlist




.NET Conference 2025 Playlist of Top Videos

Thursday, November 27, 2025

TD Phishing email with subject Official Compliance Communication - Immediate Renewal of W-8BEN Form Required


For the record, this is a TD phishing email attempt that has recently been going around, with the subject "Official Compliance Communication - Immediate Renewal of W-8BEN Form Required".


What to do? Report it; see the bottom of this post.



From : TD Direct Investing <notify@epplhb.com>
Subject : Official Compliance Communication - Immediate Renewal of W-8BEN Form Required





ALSO, SHAME ON TD



TD took Epstein's money after Deutsche Bank severed ties with the disgraced financier, source says | Financial Post


PHISHING LINKS:

1. Hover over image

https://jpikwsr.com/?token=xxxxxxxx 


How to tell this is a Phishing email?

  1. Check the sender's email address in full; if it's not from the originating company, it's phishing.
  2. Hover over all links in the email; if they don't go to the company's website, forget it.
  3. The best way is to 

How to examine the Email Message Source?

Now let's look at the message source:
  1. Outlook.com->Actions->View Message Source.
  2. Gmail.com->More (down arrow to top right)->Show original.
Check for suspicious links: anything that does not originate from the original company's domain, like apple.com.
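The same check done on a saved message source, as an added example that is not part of the original post: it compares the From domain and every link target against the company's real domain. The sample message is constructed; only the From address, subject and link host come from this post, and `td.com` as the bank's legitimate domain is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message source modelled on the email in this post.
# The td.com link and the HTML layout are invented for illustration.
SAMPLE_SOURCE = """\
From: TD Direct Investing <notify@epplhb.com>
Subject: Official Compliance Communication - Immediate Renewal of W-8BEN Form Required
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="https://jpikwsr.com/?token=xxxxxxxx"><img src="cid:banner" alt="Renew now"></a>
<p>Questions? Visit <a href="https://www.td.com/">td.com</a></p>
</body></html>
"""

def in_domain(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def examine(source, allowed):
    """Return (sender_domain, sender_ok, off_domain_link_hosts) for a raw message."""
    msg = message_from_string(source)
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    body = ""
    for part in msg.walk():  # also yields the message itself when not multipart
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            body += payload.decode(part.get_content_charset() or "utf-8", "replace")
    # href targets are what hovering over a link or a linked image reveals.
    hrefs = re.findall(r'href\s*=\s*["\']([^"\']+)', body, flags=re.I)
    hosts = {urlsplit(h).hostname for h in hrefs
             if h.lower().startswith(("http:", "https:"))}
    bad = sorted(h for h in hosts if h and not in_domain(h, allowed))
    return sender_domain, in_domain(sender_domain, allowed), bad

if __name__ == "__main__":
    # Assumption: td.com is the legitimate domain to compare against.
    print(examine(SAMPLE_SOURCE, {"td.com"}))
```

The suffix match is done on a dot boundary, so a look-alike host such as `td.com.jpikwsr.com` is still reported as off-domain.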


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing

If you have received this email take further 

  1. https://www.google.com/safebrowsing/report_phish/


Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

Tuesday, November 25, 2025

npm registry including Postman package infected with Shai-Hulud supply-chain attack

 

The name npm (Node Package Manager) stems from when npm first was created as a package manager for Node.js.


Node.js is an open-source, cross-platform JavaScript runtime environment that allows developers to run JavaScript code outside of a browser. It is built on Chrome's V8 JavaScript engine, which makes it highly performant. Node.js is widely used for building servers, web applications, command-line tools, and scripts.

npm is the world's largest open source software registry. The registry contains over 800,000 code packages for Node.js.

Novice developers just include open-source packages without doing any sort of security review, hence these kinds of attacks spread exponentially.

The Shai-Hulud malware is a self-replicating worm that targets the npm ecosystem, compromising hundreds of packages and exposing sensitive developer credentials.

At the time of writing, 27,000 malicious packages were infected, including Postman.

The Postman package is a JavaScript library for a simple message bus; at the time of writing it has about 750 downloads a week.

Source : Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub (bleepingcomputer.com)


Sandworm

From Dune, the sandworm aka Shai-Hulud


POC Code : Shai-Hulud 2 Malware Campaign Targets GitHub and Cloud Credentials Using Bun Runtime | Blog | Endor Labs