Open source bytes.
osbytes is a collective of builders contributing to open source for the common good.
Contribution activity
last 365 days · org-wide
Recent activity
0 events
Featured projects
Latest from the blog
Mastra's entire @mastra npm scope got republished with an easy-day-js caret trap
An attacker republished 140+ @mastra packages with a fake dayjs dependency; caret semver pulled a weaponized easy-day-js@1.11.22 while audits of ^1.11.21 looked clean. The poison landed at npm publish time, not in Mastra's git tree.
2026-06-17
@osbytes · 7 min read · #security · #supply-chain · #npm · #javascript · #ai · #incident-response
Check Point's IKEv1 VPN auth bypass is under active exploitation (CVE-2026-50751)
Check Point's emergency advisory today confirms CVE-2026-50751: unauthenticated VPN sessions over deprecated IKEv1, exploited since at least May 7, with one case tied to Qilin ransomware. Four end-of-support gateway branches get no hotfix — upgrade or disable IKEv1.
2026-06-08
@osbytes · 6 min read · #security · #vpn · #checkpoint · #cve · #coordinated-disclosure · #infrastructure
Windows Update lost enrollment cache and bypassed Intune driver blocks
MO1332784 is closed, but Intune shops still need to audit June 1–4: a Windows Update caching service dropped enrollment metadata, so managed PCs looked unmanaged and driver-approval policies stopped applying. Signed drivers, real fleet pain.
2026-06-05
@osbytes · 7 min read · #windows · #intune · #postmortem · #reliability · #operations · #incident-response · #microsoft