🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages.
The latest [email protected] now pulls in [email protected], a package that did not exist before today. This is a live compromise.
This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now.
Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
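The two actions the post asks for, "audit your lockfiles" and "pin your version", can be scripted. The following is an added example and is not code from the post or from Socket's tooling: a Node script that walks an npm lockfile (lockfileVersion 1, or 2/3) and reports whether a watch-listed package is installed and which installed package declares it as a dependency, plus a check that a dependency spec in package.json is really an exact version rather than a caret or tilde range. The two lockfiles embedded below are constructed samples, the version strings are placeholders rather than the real affected releases, and `BAD_PACKAGES` is a hypothetical watchlist you would populate from the advisory.

```javascript
// Added example, not from the post: audit an npm lockfile for a watch-listed
// package and report who pulls it in. Run with: node audit-lockfile.js

// Hypothetical watchlist; fill from the advisory you are acting on.
const BAD_PACKAGES = new Set(["plain-crypto-js"]);

// Constructed v3-style lockfile for demonstration only. Versions are
// placeholders, not the real affected releases.
const SAMPLE_LOCKFILE_V3 = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { axios: "^1.0.0" } },
    "node_modules/axios": {
      version: "0.0.0-example",
      dependencies: { "follow-redirects": "^1.0.0", "plain-crypto-js": "*" },
    },
    "node_modules/follow-redirects": { version: "1.0.0" },
    "node_modules/plain-crypto-js": {
      version: "0.0.0-example",
      resolved: "https://registry.npmjs.org/plain-crypto-js/-/plain-crypto-js-0.0.0-example.tgz",
    },
  },
};

// Constructed v1-style lockfile (nested tree, "requires" for declared deps).
const SAMPLE_LOCKFILE_V1 = {
  name: "example-app",
  lockfileVersion: 1,
  dependencies: {
    axios: {
      version: "0.0.0-example",
      requires: { "plain-crypto-js": "*" },
      dependencies: { "plain-crypto-js": { version: "0.0.0-example" } },
    },
  },
};

// "node_modules/a/node_modules/b" -> "b"
function nameFromPath(pkgPath) {
  const marker = "node_modules/";
  const idx = pkgPath.lastIndexOf(marker);
  return idx === -1 ? pkgPath : pkgPath.slice(idx + marker.length);
}

// lockfileVersion 2/3: flat "packages" map keyed by install path.
function auditV2or3(packages, bad, report) {
  for (const [pkgPath, entry] of Object.entries(packages)) {
    const name = pkgPath === "" ? "(root)" : nameFromPath(pkgPath);
    if (bad.has(name)) {
      report.installed.push({ name, path: pkgPath, version: entry.version, resolved: entry.resolved || null });
    }
    for (const dep of Object.keys(entry.dependencies || {})) {
      if (bad.has(dep)) report.dependents.push({ dependent: name, version: entry.version || null, pulls: dep });
    }
  }
}

// lockfileVersion 1: recursive "dependencies" tree; declared deps live in "requires".
function auditV1(tree, bad, report, parentName) {
  for (const [name, entry] of Object.entries(tree || {})) {
    if (bad.has(name)) {
      const path = parentName ? `${parentName}>${name}` : name;
      report.installed.push({ name, path, version: entry.version, resolved: entry.resolved || null });
    }
    for (const dep of Object.keys(entry.requires || {})) {
      if (bad.has(dep)) report.dependents.push({ dependent: name, version: entry.version || null, pulls: dep });
    }
    auditV1(entry.dependencies, bad, report, name);
  }
}

// Returns { compromised, installed: [...], dependents: [...] } for any layout.
function auditLockfile(lockfile, bad = BAD_PACKAGES) {
  const report = { compromised: false, installed: [], dependents: [] };
  if (lockfile.packages) auditV2or3(lockfile.packages, bad, report);
  else if (lockfile.dependencies) auditV1(lockfile.dependencies, bad, report, "");
  else throw new Error("unrecognised lockfile layout");
  report.compromised = report.installed.length > 0 || report.dependents.length > 0;
  return report;
}

// A spec is pinned only if it is an exact version: no ^, ~, x-ranges, tags or URLs.
const EXACT_SEMVER = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;
function isPinned(spec) {
  return EXACT_SEMVER.test(String(spec).trim());
}

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCKFILE_V3), null, 2));
console.log("isPinned('^1.0.0') =", isPinned("^1.0.0"));
```

On a real project, replace the embedded samples with `JSON.parse(fs.readFileSync("package-lock.json"))` and run `isPinned` over every entry in `package.json`'s `dependencies`; a caret or tilde range on axios is exactly what lets a fresh `npm install` resolve to the newest release, so a lockfile audit that comes back clean today is only as durable as those specs.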
My piece at Swarajya on who actually owns the brains behind India's Automotive industry.
This is blowing up, and I am learning from the responses as well!
Keep 'em coming.
@amargov @astrokaran
How many friends here are based in Bangalore? I am interested in starting a free Jyotish monthly meet.
No astrology knowledge required. Venue - Lal Bagh on Sundays. More details shortly.
Repost this for more visibility.
Those keen to join can email to [email protected]
#Bangalore #Bengaluru
@vydrifter88 @amargov The article goes into detail; one needs to read it in its entirety. However, it would carry more weight if the author cited sources, especially engineers who work there (even if anonymous).
@a_srinidhi @vvaayu Never seen a couple till now who has fallen asleep in their own wedding, that too when performing the rituals (Saptapadi, etc.). Also, this practice is predominantly practiced in Andhra states, where day temperatures can be extreme.
@homam108 @25_shivansh Namaste Gurugaru.
Is it feasible to use Ephemeris published by the Positional Astronomy Centre, Kolkata as an alternative to Swiss Ephemeris? Is Swiss preferred primarily because it’s embeddable as a database in applications, or does it offer superior astronomical accuracy?
Software salaries are heavily skewed. FAANG engineers earning 60L–1Cr+ will pull the mean up. That does not mean the average engineer earns 33L.
If the real average were 33L, the median would be around 25L+. That would mean more than half the engineers in Bengaluru earn 25L+.
Everyone's sharing their OpenClaw setups. Most skip security entirely.
I spent a week hardening mine: Dedicated machine, Tailscale, command allowlists, read-only tokens.
The security-first guide I wish existed when I started.
🦞🔒
https://t.co/Gv1yt7fSlR
We would like to thank @Nithin0dha for the $100k donation to FFmpeg (pending)!
While this does not solve the funding problems behind FFmpeg and Open Source in general, it's a step forward to a sustainable future for Open Source Software.