Xinference PyPI Package Compromised in Supply Chain Attack

A supply chain attack on the Xinference PyPI package (versions 2.6.0-2.6.2) injected an infostealer that exfiltrates cloud credentials, API keys, and system secrets. Users must downgrade to version 2.5.0 and rotate all potentially compromised credentials immediately.

**If you're using Xinference, immediately check if you have versions 2.6.0, 2.6.1, or 2.6.2 installed and downgrade to version 2.5.0, which is the last safe release. Since the malicious versions steal credentials, you must also rotate all API keys, cloud secrets, SSH keys, and database passwords that may have been exposed on affected systems.**
#cybersecurity #infosec #advisory #databreach
https://beyondmachines.net/event_details/xinference-pypi-package-compromised-in-supply-chain-attack-q-v-0-n-q/gD2P6Ple2L

This dumb password rule is from Vio Bank.

The password requirement is not even fully enumerated. Upon inspection of the source code, the following lines were found, hidden by javascript: "Must include at least %MINSPECIAL of the following characters:-.~!@#&_{}|:$%^*()=[];?/+"

The actual list of special characters that are prohibited is ...

https://dumbpasswordrules.com/sites/vio-bank/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

On my KDE desktop, "Windows Key + R" pulls up the Spectacle tool to start/stop a region recording.

Sorry boss, no dice at your trojan install. Nice try though.

#security #cybersecurity

Alt...

Fake Cloudflare captcha modal dialog trying to trick the user into installing a trojan on a Windows machine.

This dumb password rule is from Suncorp.

To "improve security" and "be password savvy", passwords must:
- be six to eight characters long
- Contain both numbers and letters
- Include upper and lowercase letters

https://dumbpasswordrules.com/sites/suncorp/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Mein Gehirn hat heute Nacht ein komplettes Musical mit dem absurden Titel #cybersecurity geschrieben und darin alle #infosec Probleme meiner Freunde und Familie adressiert. Mit themenzentrierten Songs. Und glitzernden Outfits.
Und wenn mich nicht alles täuscht wollte ich selbst die Rolle eines Flaschengeistes übernehmen und eine wichtige #privacy Information vorsingen und tanzen - aber leider ist bei den Proben zum #musical dann der Mob bzw die Mafia gekommen und hat uns alle hopps genommen 🥲

This dumb password rule is from IRS.

Password rules:
- Between 8 and 32 characters long
- Must contain at least one numeric and one special character (!@#$%&*)
- At least one uppercase and at least one lowercase letter

https://dumbpasswordrules.com/sites/irs/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from ICAgile.

Observed on November 17, 2020:

Password must contain:
- 8-15 total characters
- At least one lowercase letter
- At least one uppercase letter
- At least one number
- At least one special character (e.g., !#$%^*)

They don't seem to have a public registration form. You receive a registration link...

https://dumbpasswordrules.com/sites/icagile/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Advanzia.

- Requires at least 6 to a maximum of 12 characters [sic!]
- Allows only digits and letters without umlauts
- Allows only specific special characters: ? ! $ \u20AC% & * _ = - +. ,:; / () {} [] ~ @ #
- Allows no spaces"

https://dumbpasswordrules.com/sites/advanzia/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from IRS.

Password rules:
- Between 8 and 32 characters long
- Must contain at least one numeric and one special character (!@#$%&*)
- At least one uppercase and at least one lowercase letter

https://dumbpasswordrules.com/sites/irs/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Chase Bank.

* Can't use any special characters except ! # $ % + / = @ ~
* Max length restriction (32 characters).
* No runs of identical characters ("aaa") or sequential characters ("abc").
* Password check is case-insensitive

https://dumbpasswordrules.com/sites/chase-bank/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from IKEA.

Dumb restriction for consecutive similar characters. Wonder if someone got more that 2 identical characters in their name then
it won't allow you to even use name in password.

Password must contain:
- 8-20 characters
- **No more than 2 identical characters in a row**
- A lowercase letter (a-z)
-...

https://dumbpasswordrules.com/sites/ikea/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Ancestry.

Password:
- Must be at least 8 characters long
- Must contain at least 1 number
- Must contain at least 1 letter or special character
- Must not be a well known or common password

https://dumbpasswordrules.com/sites/ancestry/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from La Banque Postale.

Password must be 6 digits and entered on custom pad.

https://dumbpasswordrules.com/sites/la-banque-postale/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Shell Fuel Rewards.

- No less than 8 and no more than 16 characters
- Allows only specific special characters: ! @ # $ %
- Doesn't bother to tell you what characters are allowed or not. Hope you like reading JS.

https://dumbpasswordrules.com/sites/shell-fuel-rewards/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

RE: https://infosec.exchange/@clueax/116420851531002484

Having recently completed a master's degree in Cybersecurity, this is incredibly accurate.

#infosec #cybersecurity

This dumb password rule is from United States Postal Service.

Pick from an arbitrary list of symbols, and no repeating characters.

https://dumbpasswordrules.com/sites/united-states-postal-service/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Best Buy.

You can enter whatever password you like! But you probably don't want to
make it too long, because you'll break us and you'll never be able to
login again.

https://dumbpasswordrules.com/sites/best-buy/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

🎓 Bühne frei für starke Ideen in der Cybersicherheit

Der 25. Best Student Award geht an Yasin Bachiri für den Vortrag „Praxisorientierte Strategien zur Mitigation von Cybersicherheitsrisiken generativer KI-Modelle im unternehmerischen Kontext“ 🏆

Die Auszeichnung ehrt Beiträge zu aktuellen Fragen der IT-Sicherheit & zeigt, wie wichtig der Austausch zwischen Nachwuchs, Forschung & Praxis ist.

Glückwunsch zu diesem Erfolg. 👏

#Cybersecurity #BSIKongress2026 #CybernationDeutschland #designoffices

Alt...

Yasin Bachiri von der Hochschule Niederrhein wurde im Rahmen des Deutschen IT-Sicherheitskongresses für seinen Beitrag zu Cybersicherheitsrisiken generativer KI-Modelle mit dem Best Student Award geehrt und hält die Urkunde in den Händen.

This dumb password rule is from Express Energy.

Retail Electricity Provider (REP) participating in ERCOT.

Minimum 6, maximum 10. Stated requirement of numbers and letters, but special characters are accepted.

https://dumbpasswordrules.com/sites/express-energy/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from E-Trade.

Causes:
* Your two-factor authentication code must be appended to the end of the password
* Passwords have a limit of 32 characters

Effect:

If your account has a 32-character password and has two-factor authentication,
their system appears to cut off the token, making it impossible to login.
Yo...

https://dumbpasswordrules.com/sites/e-trade/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Bank of America.

20 character max and lots of special character restrictions.
Bank of America - keeping your money safe.

Also: If you paste a password greater than 20 characters,
the form truncates it without telling you or giving an
error.

https://dumbpasswordrules.com/sites/bank-of-america/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Adam Savage learning about how evil #USB devices can be is a fantastic thing to watch.
https://youtu.be/OpcuqePIL7k

#security #cybersecurity #sysadmin

This dumb password rule is from Banco Nacional (Costa Rica National Bank).

Between 8 and 16 characters.

Must have 4 numbers and 4 letters.

Must not contain same letter or number in consecutive order.

Can't contain vowel letters neither the letter Ñ.

Password can't be the same as the previous 6 used.

https://dumbpasswordrules.com/sites/banco-nacional-costa-rica-national-bank/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from MetLife.

Max length of 20 characters, no special characters allowed.
Pasting into the second password field is disabled even with
the Chrome extension Don't Fuck With Paste.

https://dumbpasswordrules.com/sites/metlife/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Vancity Credit Union.

Personal Access Code (or PAC–they are too ashamed to call it a password), must be between 5 to 8 digits and cannot start with '0'. (no letters or symbols)

https://dumbpasswordrules.com/sites/vancity-credit-union/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Scandinavian Airlines.

The password rules itself is fine, but, it doesn't inform about the max length of the password.
Their max length is 14 characters, so even if you enter a password of 42 chars, you can login with the first 14 of it.
In this case, I changed my password to **Super_l0ng_password_that_fits_all_criteri...

https://dumbpasswordrules.com/sites/scandinavian-airlines/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Benergy4.

12 to 25 characters, only these special chars allowed: @+/'!#$^?:,.(){}[]~-.
Also, security questions.

https://dumbpasswordrules.com/sites/benergy4/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from LibraryThing.

"Your password cannot be longer than 20 characters"

https://dumbpasswordrules.com/sites/librarything/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Switzerland Ends #Palantir Contract Over #Data #Sovereignty Risks - #Cybersecurity

#Switzerland’s decision to discontinue the use of Palantir is not a #technology story.

- It's a #risk management story. The platform was not rejected because it failed to perform. On the contrary, it delivered advanced data fusion and operational insight.

It was rejected because the residual sovereignty risk was considered unacceptable.

#security #BigData #insecure #surveillance #SurveillanceCapitalism

[1/2]

This dumb password rule is from Return of Reckoning.

Password must be between 6 and 100 characters.

It doesn't say on the website, but the password only works in the related game client if it is purely alphanumeric. Not even special characters like % or $ are allowed.

https://dumbpasswordrules.com/sites/return-of-reckoning/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from myezyaccess.com patient portal system.

12-character maximum password length. This is not a single website but a patient portal system used by hundreds of medical facilities via subdomains, with password policy apparently being consistent for all sites.

https://dumbpasswordrules.com/sites/myezyaccess-com-patient-portal-system/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

🆕 blog! “FobCam '25 - All my MFA tokens on one page”

Some ideas are timeless. Back in 2004, an anonymous genius set up "FobCam". Tired of having to carry around an RSA SecurID token everywhere, our hero simply left the fob at home with an early webcam pointing at it. And then left the page open for all to see.

Security expert Bruce…

👀 Read more: https://shkspr.mobi/blog/2025/04/fobcam-25-all-my-mfa-tokens-on-one-page/
⸻
#2fa #CyberSecurity #MFA #Satire(Probably) #security

This dumb password rule is from Coventry Building Society.

Password has to be between 6 and 10 characters, can't contain any punctuation and you have to give characters from it on the phone to confirm identity.

https://dumbpasswordrules.com/sites/coventry-building-society/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Nelnet (student loan servicer).

8 to 15 characters and no spaces? Why no spaces? Also limited to only these 6 special characters. That could mean that there is some process somewhere that puts this as part of a command line invocation.

https://dumbpasswordrules.com/sites/nelnet-student-loan-servicer/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

I don't know if I have to say this, but please do not use postmarketOS on a personal device if you are doing anything security critical or requiring high levels of data protection. Android or iOS are much better options for this. I would generally recommend a Google Pixel with GrapheneOS if you really need peace-of-mind. Heck, a random stock Android ROM from a carrier phone is probably more secure with some adb work.

#PostMarketOS #Android #iOS #CyberSecurity

Anthropic-KI Mythos: Dringende Warnung an US-Banken, BSI erwartet Umwälzungen

Anthropics neue KI Mythos sorgt für Aufregung. In den USA wurden die Chefs der systemrelevanten Banken einbestellt, hier erwartet das BSI weitreichende Folgen.

https://www.heise.de/news/Anthropic-KI-Mythos-Dringende-Warnung-an-US-Banken-BSI-erwartet-Umwaelzungen-11251450.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Anthropic #BSI #Cybersecurity #IT #KünstlicheIntelligenz #Sicherheitslücken #Wirtschaft #news

hey so this is probably completely pointless but: looking for a job (NZ or fully remote willing to hire a kiwi) in SRE, security, or linux/Unix system administration. 15 years expereince administering Linux and Unix boxes, intermediate level of experience working with docker compose and containerisation and container security. No prior job experience unfortunately, all those 15 years were mostly personal projects and small-scale stuff for friends. Currently running an entire multi-machine personal cloud infrastructure with a demonstration of all the services I have running at https://status.highenergymagic.net. Entirely willing to accept entry-level job placements, no expectation of being paid a lot or anything, just want to be doing something and move the needle a little on my current "being broke" status. #fedihired #infosec #cybersecurity #linux #unix #docker #sre #DevOps #GetFediHired

Please boost for reach, any job offers please DM me.

This dumb password rule is from Unicaja.

Username is your national Spanish ID (easy to find).
Your password must be 6 characters long. You can't type, only select characters from the virtual keyboard

https://dumbpasswordrules.com/sites/unicaja/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

hey so this is probably completely pointless but: looking for a job (NZ or fully remote willing to hire a kiwi) in SRE, security, or linux/Unix system administration. 15 years expereince administering Linux and Unix boxes, intermediate level of experience working with docker compose and containerisation and container security. No prior job experience unfortunately, all those 15 years were mostly personal projects and small-scale stuff for friends. Currently running an entire multi-machine personal cloud infrastructure with a demonstration of all the services I have running at https://status.highenergymagic.net. Entirely willing to accept entry-level job placements, no expectation of being paid a lot or anything, just want to be doing something and move the needle a little on my current "being broke" status. #fedihired #infosec #cybersecurity #linux #unix #docker #sre #DevOps

Please boost for reach, any job offers please DM me.