๐จ CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages.
The latest [email protected] now pulls in [email protected], a package that did not exist before today. This is a live compromise.
This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now.
Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
โขย Deobfuscates embedded payloads and operational strings at runtime
โขย Dynamically loads fs, os, and execSync to evade static analysis
โขย Executes decoded shell commands
โขย Stages and copies payload files into OS temp and Windows ProgramData directories
โขย Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
@VictorTaelin Does anyone have an equivalent working flow for Android? Currently using tmux + Termius + tailscale, but using Termius on mobile with the keyboard layout doesn't play nicely for me and feels cumbersome.
Today we are launching @openwork_ai, an open-source (MIT-licensed) computer-use agent thatโs fast, cheap, and more secure.
@openwork_aiย is the result of a short two-day hackathon our team decided to hack, which brings together some of our favorite open source AI modules into one powerful agent, to allow you to:
1. Bring your own model/API key (any provider and model supported by @opencode is supported by Openwork)
2. ~4x faster than Claude for Chrome/Cowork, and much more token-efficient, powered by dev-browser by @sawyerhood (legend)
3. More secure - contrary to Claude for Chrom/Cowork, does not leverage the main browser instance where you are logged into all services already. You login only to the services you need. This significantly reduces the risk of data loss in case of prompt injections, to which computer-use agents are highly exposed.
4. Free and 100% open-source!
You can download the DMG (macOS only for now) or fork the github repo via the link in bio (@openwork_ai).
Let us know what you think (or better, send a pull request)!
we've been hard at work improving @cursor_ai Agent, allowing you to delegate more tasks and let it work alongside you
agent works just like a human developer, with access to your tools, codebase context, and the ability to take actions
here's what Agent can do โ
What fuels thriving relationships? #Responsiveness: #Listening, understanding, and supporting each other.
In our new chapter, Harry Reis and I present an integrated model of responsiveness and its powerful impact on #connection and well-being.
https://t.co/Q9whbPtNJ8
It's BFCM time again! I wrote my book Leading Snowflakes for new Engineering Managers and it's now 50%-off for all packages https://t.co/8CCQrx1GEA
Please share if you got value in the past 11 years from https://t.co/Alau2bRbFY, https://t.co/liPNQBmMRP, https://t.co/KlTsnvhRBB and want to support my work and get free good karma for life.
The Korean people show their love and support for Israel today in downtown Seoul. More than 2000 people attended.
Thank you dear friends ๐ฎ๐ฑ๐๐ฐ๐ท
์ค๋ ์์ธ์ ์ค์ฌ์์ 2์ฒ์ฌ ๋ช ์ ํ๊ตญ ๊ตญ๋ฏผ๋ค๊ป์ ์ด์ค๋ผ์์ ๋ํ ์ฌ๋๊ณผ ์ง์ง๋ฅผ ๋ณด์ฌ์ฃผ์ จ์ต๋๋ค. ๊ฐ์ฌํฉ๋๋ค ๐ฎ๐ฑ๐๐ฐ๐ท
1๐งต Iran and Israel are unnatural enemies. They have complimentary national interests (energy/technology), a historic cultural affinity (Persians/Jews), and no bilateral land or resource disputes. Their conflict is best understood through the prism of ideology, not geopolitics.