Chris Bukavich

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest [email protected] now pulls in [email protected], a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that: • Deobfuscates embedded payloads and operational strings at runtime • Dynamically loads fs, os, and execSync to evade static analysis • Executes decoded shell commands • Stages and copies payload files into OS temp and Windows ProgramData directories • Deletes and renames artifacts post-execution to destroy forensic evidence If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.

We are scouting for reverse engineering talent to contribute to Microsoft’s intelligence mission: https://t.co/awiZyJBlal I can’t guarantee you will understand the vast security data, but I can promise you will often be the first human defender to ever look at a certain malicious code. You have the opportunity (duty?) to create global protections for that malware – for enterprises and home users alike. Quite a few times, you will do this before it causes any harm. Curiosity & ingenuity as important as technical experience. If we have worked together (#FLARE 👀 or otherwise), please DM for questions.