Roman

Jeff Bezos capped his salary at $82,000. Not because he's modest or because he wanted what's best for society and his company but because salaries are taxed. Instead, he borrows against his $230 BILLION stock to fund his lifestyle UNTAXED No paycheck = no income tax. The he jumps on TV and said he pays his fair share of taxes. They think we're stupid.

‼️🚨 BREAKING: A new npm supply-chain attack uses a dead-man's switch. The payload plants a watcher on your machine that nukes your home directory the second you revoke the GitHub token it stole from you. The compromise happened today, across 42 official tanstack npm packages, 84 malicious versions in total. tanstack/react-router alone pulls more than 12 million weekly downloads. The attacker forked TanStack's repository and pushed a single hidden commit. From there, they tricked TanStack's own release system into signing the malicious packages as if they were the real thing. To npm, and to anyone checking the cryptographic proof of origin (SLSA provenance), the poisoned versions looked 100% legitimate. Maintainer Tanner Linsley confirmed the whole team had 2FA enabled. It didn't matter. This is the first documented npm worm in history that ships with a valid, signed certificate of authenticity, the same one defenders rely on to know a package wasn't tampered with.

Good Morning from Germany, where electricity prices are now regularly falling below zero around midday. On May 1, they even dropped to the floor at -49.999 cents per kilowatt hour. The reason is simple: we are generating more solar power than we can use or store. As a result, Germany has to cover the gap between these negative market prices and the guaranteed feed-in tariffs paid to producers—an expensive outcome. These prices are a clear indication of the utterly disastrous energy transition.

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest [email protected] now pulls in [email protected], a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that: • Deobfuscates embedded payloads and operational strings at runtime • Dynamically loads fs, os, and execSync to evade static analysis • Executes decoded shell commands • Stages and copies payload files into OS temp and Windows ProgramData directories • Deletes and renames artifacts post-execution to destroy forensic evidence If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.