Cloud and container security • Security research and open source at Datadog 🇨🇭🇫🇷 https://christophetd.frhttps://bsky.app/profile/christophetd.frhttps://bsky.app/profile/christophetd.fr/post/3miezwd63xc22I wrote up an analysis of the Axios compromise: https://securitylabs.datadoghq.com/articles/axios-npm-supply-chain-compromise/ Crazy how while researchers were filing issues to report the compromise, the attacker was deleting them in real time using the maintainer's GitHub access!31 Mar 2026 20:39 +0000at://did:plc:zwlpsxw2udovqf4mbfi4ibqf/app.bsky.feed.post/3miezwd63xc22https://bsky.app/profile/christophetd.fr/post/3mhv2u637xs2yYesterday, a threat actor compromised 2 versions of the LiteLLM Python package (40k stars, 3M+ weekly downloads). The malicious versions had 120k downloads before being taken down Full write-up: https://securitylabs.datadoghq.com/articles/litellm-compromised-pypi-teampcp-supply-chain-campaign/ Timeline (h/t @ramimac.me): ramimac.me/trivy-teampcp/ [contains quote post or other embedded content]25 Mar 2026 12:14 +0000at://did:plc:zwlpsxw2udovqf4mbfi4ibqf/app.bsky.feed.post/3mhv2u637xs2yhttps://bsky.app/profile/christophetd.fr/post/3mgn4h7mkrc2sFresh and active AWS phishing campaign with 3 main domains: cloud-recovery[.]us cloud-recovery[.]net aws[.]cloud-recovery[.]us ... with hands-on-keyboard activity 20 minutes after credentials are submitted [contains quote post or other embedded content]09 Mar 2026 14:56 +0000at://did:plc:zwlpsxw2udovqf4mbfi4ibqf/app.bsky.feed.post/3mgn4h7mkrc2shttps://bsky.app/profile/christophetd.fr/post/3meoa3lptg22eI asked Claude (Opus 4.6) and Codex (GPT-5.3) to each generate a simple LinkedList implementation in Java. Then I asked Claude to pick the better one. No hesitation: "The Codex version is better" 🤔 https://gist.github.com/christophetd/223c4e762242e04cca1f04eff42c89d612 Feb 2026 14:43 +0000at://did:plc:zwlpsxw2udovqf4mbfi4ibqf/app.bsky.feed.post/3meoa3lptg22ehttps://bsky.app/profile/christophetd.fr/post/3mddpn4vdjc2rIf you're using VSCode or Cursor, this is a pretty solid extension to have in your toolbox! [contains quote post or other embedded content]26 Jan 2026 16:57 +0000at://did:plc:zwlpsxw2udovqf4mbfi4ibqf/app.bsky.feed.post/3mddpn4vdjc2rhttps://bsky.app/profile/christophetd.fr/post/3m6w62jrus224"Building an npm worm" (2016) https://contolini.com/building-an-npm-worm01 Dec 2025 09:57 +0000at://did:plc:zwlpsxw2udovqf4mbfi4ibqf/app.bsky.feed.post/3m6w62jrus224https://bsky.app/profile/christophetd.fr/post/3m2pm5neohs2dIf you're in cloud security, do have a look at this piece of research I've been working on! Feedback / thoughts welcome [contains quote post or other embedded content]08 Oct 2025 21:40 +0000at://did:plc:zwlpsxw2udovqf4mbfi4ibqf/app.bsky.feed.post/3m2pm5neohs2dhttps://bsky.app/profile/christophetd.fr/post/3lyuaxs2tjc27If you're into cloud security, fwd:cloudsec Europe is now live. Schedule: https://fwdcloudsec.org/conference/europe/schedule.html [contains quote post or other embedded content]15 Sep 2025 07:12 +0000at://did:plc:zwlpsxw2udovqf4mbfi4ibqf/app.bsky.feed.post/3lyuaxs2tjc27https://bsky.app/profile/christophetd.fr/post/3lvz3z23was2q@micahflee.com thank you for the amazing and inspiring defcon talk10 Aug 2025 01:11 +0000at://did:plc:zwlpsxw2udovqf4mbfi4ibqf/app.bsky.feed.post/3lvz3z23was2qhttps://bsky.app/profile/christophetd.fr/post/3lv4wfubyoc2qI arbitrarily picked a list of 50 talks I'm most excited about that are happening next week at DEF CON / Black Hat / BSides LV / The Diana Initiative. I'll also add recordings/slides to this list when they become available! [contains quote post or other embedded content]29 Jul 2025 20:17 +0000at://did:plc:zwlpsxw2udovqf4mbfi4ibqf/app.bsky.feed.post/3lv4wfubyoc2qhttps://bsky.app/profile/christophetd.fr/post/3luzescql622qGetting ready for DEF CON next week! ✅ Slides ✅ Demos ✅ Custom shirt designed for the occasion28 Jul 2025 10:23 +0000at://did:plc:zwlpsxw2udovqf4mbfi4ibqf/app.bsky.feed.post/3luzescql622qhttps://bsky.app/profile/christophetd.fr/post/3lubixrmzms2iLooks like the maintainer of a number of highly-popular npm packages was phished through npnjs[.]com, and his access used to publish malicious versions of their packages https://x.com/JounQin/status/1946297662069993690 https://www.linkedin.com/feed/update/urn:li:activity:7352081552123580419/ https://github.com/prettier/eslint-config-prettier/issues/33918 Jul 2025 22:34 +0000at://did:plc:zwlpsxw2udovqf4mbfi4ibqf/app.bsky.feed.post/3lubixrmzms2ihttps://bsky.app/profile/christophetd.fr/post/3lsbk35nfu22xStratus Red Team AWS attack techniques are now mapped to the Threat Technique Catalog for AWS Stratus Red Team AWS attack techniques: https://stratus-red-team.cloud/attack-techniques/AWS/ Threat Technique Catalog by AWS: https://aws-samples.github.io/threat-technique-catalog-for-aws/23 Jun 2025 12:04 +0000at://did:plc:zwlpsxw2udovqf4mbfi4ibqf/app.bsky.feed.post/3lsbk35nfu22xhttps://bsky.app/profile/christophetd.fr/post/3lsb7hoepmk2uThe MCP spec has been updated to include security best practices • Confused deputy • Token passthrough • Session hijacking https://modelcontextprotocol.io/specification/2025-06-18/basic/security_best_practices23 Jun 2025 08:54 +0000at://did:plc:zwlpsxw2udovqf4mbfi4ibqf/app.bsky.feed.post/3lsb7hoepmk2uhttps://bsky.app/profile/christophetd.fr/post/3lralv5tuxs25Solid way to start the week10 Jun 2025 09:38 +0000at://did:plc:zwlpsxw2udovqf4mbfi4ibqf/app.bsky.feed.post/3lralv5tuxs25https://bsky.app/profile/christophetd.fr/post/3lp7ph4ivnk2l👀 [contains quote post or other embedded content]15 May 2025 14:19 +0000at://did:plc:zwlpsxw2udovqf4mbfi4ibqf/app.bsky.feed.post/3lp7ph4ivnk2lhttps://bsky.app/profile/christophetd.fr/post/3lonpwb2d4c2iIf you're a cloud practitioner based in Europe, definitely submit to fwd:cloudsec Berlin happening in September! We're actively seeking submissions from first time speakers and non-security folks. In that case, you can submit by May 30th and get initial feedback on your submission! [contains quote post or other embedded content]08 May 2025 10:39 +0000at://did:plc:zwlpsxw2udovqf4mbfi4ibqf/app.bsky.feed.post/3lonpwb2d4c2ihttps://bsky.app/profile/christophetd.fr/post/3ll4rgm5o2k2tLooking forward to it! ☁️🇪🇺🇩🇪 [contains quote post or other embedded content]24 Mar 2025 12:36 +0000at://did:plc:zwlpsxw2udovqf4mbfi4ibqf/app.bsky.feed.post/3ll4rgm5o2k2t