🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages.
The latest [email protected] now pulls in [email protected], a package that did not exist before today. This is a live compromise.
This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now.
Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
Funny watching articles spread like wildfire on X now. You already know what article I'm talking about without me describing it at all
I can't decide if this is an algo artifact or if people are just using AI to summarize them now, speeding up their Time To Hot Take Reply
This is the gnarliest npm worm I've seen so far, and these will only get worse - appears this might still be in the testing phase
Persistence via git global config to poison future repos, CI jobs to grab new creds, even malicious MCP server injection
Amazing write-up - read!
"AI will let companies fire all the engineers."
Then who will dream up the unhinged video game programming environment that gets other engineers to lock in for 36 hours of straight prompting, HMM? 🤨
Announcing https://t.co/Te7kvitMfu - manage claude code in style!
New:
• Spatial Audio. Claude behind you? Claude on your left? No claublem!
• Animations: What's Claude up to? Watch him! ◕ ‿ ◕
Vibecraft uses your own local CC instances - no files or prompts are shared.
The ideal social media network for me would eliminate or significantly reduce the game of positioning yourself above others as if you were at the pinnacle of knowledge/skill in something
It would be built in - by virtue of you being here, you're on my level & we eschew the game
@AlexCaswen I actually don't mind the subtle reference to hierarchy, because the hierarchy is kinda the point. Otherwise it's just reddit
Gotta figure out how the staircase would work...
@AlexCaswen Silo has a negative connotation in tech, but in this case I think it's fairly accurate. The idea necessarily constrains scope so that popularity and other irrelevant factors don't overwhelm the value of one's contributions to a silo/level in the selection process
I can already predict the critics' responses to @profplum99's latest piece: "SEE?! NOT $140K!"
And to those who actually read the piece, this will be just as irrelevant as their previous critiques
@adamscrabble I'd potentially have >2k followers if I didn't block these. I'm curious about the ones that don't have any location data visible at all.
Looking through my block list, almost all the spam bots/fake accounts that follow me are from Hong Kong or Cambodia (I ~only block bots)
Seems like that should be easy to detect!
@cryptodavidw It seems to estimate based on what a human would say. I don't think LLMs have a good sense of time wrt their own capabilities
Friends have reported estimates of "weeks" that were knocked out in a couple hours
This was an excellent episode covering both cybersecurity and financial risks from an engineering perspective!
I'll save Patrick the algo hit and post the links:
https://t.co/FCVn1tVBZC
https://t.co/dFC63PsegS
https://t.co/9UJt83PKoW
This week for Complex Systems we're switching up the format a bit, since I was invited to give a talk at the Bank of England, on how a systems engineer thinks about systemic risk in a way that might be additive to central bankers. (All opinions in the talk are my own, etc etc.)