Thursday, November 27, 2025

TD Phishing email with subject Official Compliance Communication - Immediate Renewal of W-8BEN Form Required


For the record, this is TD phishing email attempt that is recently going around, with subject "Official Compliance Communication - Immediate Renewal of W-8BEN Form Required" 


What to do?  Report them, go to bottom of page. 



From : TD Direct Investing <notify@epplhb.com>
Subject : Official Compliance Communication - Immediate Renewal of W-8BEN Form Required





PHISHING LINKs;

1. Hover over image

https://jpikwsr.com/?token=xxxxxxxx 


How to tell this is a Phishing email?

  1. Check email address in full, if it's not from originating company then it's phishing.
  2. Hover over all links in email, if it's not from the  company's website then forget it.
  3. The best way is to 

How to examine Email Message Source ?

Now lets look at message source
  1. Outlook.com->Actions->View Message Source. 
  2. Gmail.com->More (down arrow to top right)->Show original.
Check for suspicious links, anything that does not originate from original domain, like apple.com.


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing

If you have recievied this email take further 

  1. https://www.google.com/safebrowsing/report_phish/


Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

Posted by metadataconsulting (profile) at 7:30 AM 0 comments

Tuesday, November 25, 2025

npm registry including Postman package infected with Shai-Hulud supply-chain attack

 

The name npm (Node Package Manager) stems from when npm first was created as a package manager for Node.js.


Node.js is an open-source, cross-platform JavaScript runtime environment that allows developers to run JavaScript code outside of a browser. It is built on Chrome's V8 JavaScript engine, which makes it highly performant. Node.js is widely used for building servers, web applications, command-line tools, and scripts.

npm is the world's largest opens source software registry. The registry contains over 800,000 code packages for Node.js.

Novice developers just include open-source packages without doing any sort of security review, hence these kinds of attacks spread exponentially.

The Shai-Hulud malware is a self-replicating worm that targets the npm ecosystem, compromising hundreds of packages and exposing sensitive developer credentials.

At time of writing  27,000 malicious packages were infected, including Postman.

Postman package is a JavaScript library for a simple message bus, at time of writing has about ~750 downloads a week. 

Source : Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub (bleepingcomputer.com)


Sandworm

From Dune, the sandworm aka Shai-Hulud


POC Code : Shai-Hulud 2 Malware Campaign Targets GitHub and Cloud Credentials Using Bun Runtime | Blog | Endor Labs

Posted by metadataconsulting (profile) at 7:30 AM 0 comments

Monday, November 24, 2025

Social media usage across American generations, and top spot is not tik tok


It's that time of the year again, and end-of-year stats are beginning to be rolling in. Perhaps this is one of the most important. 

Current social media usage with American adults' chart by Pew Research Center for 2025. 

The Pew Research Center is widely cited in academia, journalism, and policymaking because of its commitment to neutrality and methodological rigor. Unlike advocacy organizations, Pew’s role is to inform rather than persuade, making it a trusted source for understanding public opinion and societal trends.

Source Article: Americans’ Social Media Use 2025 | Pew Research Center


































#Generation NameBirth YearsDefining Notes
1Lost Generation1883 – 1900WWI era, Jazz Age writers
2Greatest Generation1901 – 1927Great Depression resilience, WWII service
3Silent Generation1928 – 1945Post-war boom, early Civil Rights movement
4Baby Boomers1946 – 1964Suburban expansion, Moon landing, Woodstock
5Generation X1965 – 1980Personal computers, MTV culture, “latch‑key” kids
6Millennials (Gen Y)1981 – 1996Internet adolescence, 9/11, social media rise
7Generation Z1997 – 2012Smartphones, streaming, climate activism
8Generation Alpha2013 – 2025Born into AI, tablets, global connectivity
9Generation Beta2026 – 2039 (projected)Deep AI integration, climate adaptation















Posted by metadataconsulting (profile) at 7:30 AM 0 comments
Subscribe to: Comments (Atom)