anarchistx (purgatory arc)

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest [email protected] now pulls in [email protected], a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that: • Deobfuscates embedded payloads and operational strings at runtime • Dynamically loads fs, os, and execSync to evade static analysis • Executes decoded shell commands • Stages and copies payload files into OS temp and Windows ProgramData directories • Deletes and renames artifacts post-execution to destroy forensic evidence If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.

TeamPCP has done ANOTHER supply chain attack. My Brother in Christ, how many of these fuckin' things are you going to do? YOU'VE DONE 50 FUCKING SUPPLY CHAIN ATTACKS. 50 SUPPLY CHAIN ATTACKS IN EIGHT FUCKING DAYS. March 19th: - Trivy March 20th: - EmilGroup (28 packages) - OpenGov (16 packages) - Teale-io (eslint-config) - AIRTM (uuid-base32) - PypeSteam (floating-ui-dom) March 23rd: - Checkmarx March 24th: - LiteLLM March 27th: - Telnyx

⚠️ iOS Security Alert | Immediate System Update Required for iOS Users Apple is urging iPhone/iPad users to update iOS immediately. Google Threat Intelligence Group (GTIG) recently disclosed a critical iOS exploit chain known as “DarkSword,” affecting iOS 18.4 to 18.7. This issue is not related to any exchange or wallet application, but is a system-level vulnerability in iOS. Attackers may exploit this vulnerability when users visit compromised (but seemingly legitimate) websites. The exploit may be triggered automatically without any user interaction, allowing attackers to extract sensitive data, including crypto wallet information. The malware may also erase its traces after execution, making detection extremely difficult. If your device is running iOS 18.4–18.7, you may be at risk. Immediate Actions Recommended: 1️⃣ Update your iPhone/iPad to the latest iOS version immediately 2️⃣ Avoid clicking on unknown links or visiting untrusted websites 3️⃣ Review app permissions and disable any unnecessary access 4️⃣ Enable Two-Factor Authentication (2FA) on all crypto-related accounts and ensure withdrawal whitelist is activated We believe it’s important to share this security alert with all users and not just Binance users. Security is the foundation of the entire ecosystem, and protecting user assets must come first.