In 2023, DRDO posted photos from the control station of India's TAPAS drone programme.
On the ceiling, pointed at screens showing flight telemetry, was a CCTV by Hikvision, a company partly owned by China's state defence-electronics group.
The camera was just a symptom. 🧵
‼️🇮🇳 Multiple Indian Schools Hit After Ellucian PowerCampus Platform Compromised, Children's Photos, Aadhaar Numbers, and Medical Data Exposed
https://t.co/43Bih87bpl
Honest question for anyone running OpenClaw:
How many MCP servers do you have connected?
Have you ever looked at the full list of tools they expose?
I had 5 servers running for 3 months before I actually audited what my agent could do. The list was terrifying. #OpenClaw#MCP #AIAgents #DevSec
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages.
The latest [email protected] now pulls in [email protected], a package that did not exist before today. This is a live compromise.
This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now.
Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
🚨‼️ BREAKING: PyPI package telnyx has been compromised by TeamPCP in yet another supply chain attack.
The malware executes immediately upon importing telnyx. It drops a valid WAV audio file and runs an executable embedded within the frames.
I connected a Postgres MCP to one of our bots.
I wanted read access. I got DROP TABLE.
Checked our GitHub MCP — added for code reading. Also had delete_repository.
Checked Slack MCP — wanted search. Got remove_user.
I looked at Claude, Cursor, ChatGPT. None of them let you block specific tools from an MCP server.
Writing up what I found. The numbers are bad. Post tomorrow.
So let me get this straight: we at @FUTURESEARCHAI discover the litellm supply chain attack, report it to PyPI, open the disclosure issue on GitHub, and... @github bans my account? What the hell!?
The National Human Rights Commission (NHRC) writes to the Electronics and Information Technology Ministry Secretary on alleged violations of the Digital Personal Data Protection Act (DPDP Act), particularly concerning the absence of systems for tracking children’s data transfers and grievance redressal mechanisms across major digital platforms.
Clarifying a few things, starting with the MoU.
Are you taking taxpayer money?
No. The MoU signed with the UP Government is structured as a public-private partnership. It does not involve any cost to the taxpayers of Uttar Pradesh. On the contrary, it brings investment into the state. The project will be executed in phases, with support from external investment partners. We have not taken any money, any GPUs, or any other form of support from the Government. The only part of this MoU that involves citizens is that they'll receive free access to AI, in their own language and through familiar interfaces, via AI Commons.
Is your revenue ₹42.9 lakh?
No. This is a bug in Google’s AI, which has confused Puch AI with another company called Pucho AI. The ₹42.9 lakh revenue figure belongs to Pucho AI, not Puch AI. Puch AI’s revenue is not public.
What’s your valuation/annual revenue? Are you bootstrapped?
We’ll share those details when the time is right. For now, as a private company, we’re not required to make our valuation or revenue public. But, if you’re curious, we're not bootstrapped. We’re a well-funded startup.
Do you have a foundational model of your own?
No, and we do not believe it is necessary for our mission to build one at this stage.
What is your mission?
We want to bring AI to everyone in India. Today, many people already use tools like ChatGPT and Gemini, but millions still cannot. Your parents, shopkeepers, drivers, and many others are being left out because AI, in its current form, is not built for them.
What exactly is Puch AI doing?
Puch AI is building the domestic consumer AI offering for the masses. We're bringing AI to people through simple, familiar interfaces like WhatsApp and voice calls, so that it is easy to use even for those who cannot type and prefer to interact through voice.
Why don’t you have your own app?
We understand the frustration people feel about this, and at times it is frustrating for us as well (currently fighting Meta on the WhatsApp policy). But so far, this has been a conscious choice. A new app becomes one more thing to learn and one more barrier for the millions of people who are currently not using AI. Try teaching your parents a new app!
So are you asking me to not use ChatGPT or other AIs in the name of nationalism?
No, not at all. People should use whatever AI works best for them. Our effort is simply to expand access to AI by bringing it to millions who, today, are unable to use the existing tools.
Is Puch AI just a wrapper?
Wrappers are generally defined as making API calls to AI providers like OpenAI and Anthropic. So no, Puch AI is not a wrapper. We do not use any APIs. We have built our entire infrastructure in-house on top of open-source models, and engineered it for the Indian context. However, if you define a wrapper as any company that does not have a foundational model pretrained from scratch, then yes, Puch AI is a wrapper.
What is the point of Puch AI if you haven’t even built a model?
The problem is data. Today, ChatGPT and Gemini are the default go-to AI apps for almost everyone in India who uses AI. As more people use them, these companies keep getting more and more data to improve their models. That data will never help Sarvam, BharatGen, or any other domestic AI model builder. More importantly, the bulk of India will end up accessing information through OpenAI or Google: their systems and their narratives that may ultimately be shaped by foreign actors. With Puch AI, we are trying to build sovereign distribution, so that India has at least one alternative, no matter how hopeless it may seem to compete with OpenAI or Google’s marketing.
Puch AI seems relatively simple. I can build it in a weekend. Are you even doing anything?
The choice of a simple interface is deliberate, but the underlying infrastructure is far from simple. Happy to give ₹50 lakh to anyone who can build it in a weekend, match our performance in Indian languages, and offer it for free at our consumer scale.
How was your experience building for India?
It is a very interesting situation, where the Government understands the importance and wants to do good, but it becomes difficult to do any good when so many bad actors are rooting for you to fail. Thousands of paid accounts are ready to try to shape narratives to fit their own political agenda. Everything from Community Notes to actual news articles and journalism gets weaponized against you, because your failure gets more views.
Will you keep fighting?
Not sure. Quite exhausted. Maybe this is the time to sign off.
The final paragraph was not needed, shows your incompetence, we don't want another bluesmart or byju. There are no bad actors trying to pull you down, so get this fact clearly, with zero novelty you are just trying to bring an opportunity for yourself. There is nothing for india in this, we have many companies capable of pulling this off. Nobody wants to trust a person who wishes to sign off after getting an MoU from the govt. Pathetic startup culture and pathetic actors, this bhatia kind of people are the reason why investors are losing trust in this region. No research papers, no contribution to open source and the guy has the audacity to call it weaponization.
Software horror: litellm PyPI supply chain attack.
Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords.
LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm.
Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks.
Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages.
Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
I’m not sure what’s being cooked here, but Siddharth Bhatia, the CEO of Puch AI, only has four years of experience in TOTAL.
The company has between two and ten employees. I mean how can such a new company be trusted with 25,000 crores of taxpayer money?
🚨‼️ BREAKING: Crunchyroll breached through outsourcing partner in India.
A threat actor exfiltrated data from Crunchyroll's ticketing system and also managed to pull 100 GB of personally identifiable customer analytics data.
We've analyzed sample data and it includes IP addresses, email addresses, credit card details, and more.
An employee of their outsourcing partner Telus had executed malware on his system, which gave a threat actor access to Crunchyroll's environment.
Show your ID to protect kids
Show your ID to protect kid
Show your ID to protect ki
Show your ID to protect k
Show your ID to protect
Show your ID to protec
Show your ID to prote
Show your ID to prot
Show your ID to pro
Show your ID to pr
Show your ID to p
Show your ID to
Show your ID t
Show your ID
Show your I
Show your
Show you
Show yo
Show y
Show
Sho
Sh
S
Su
Suc
Suck
Suck m
Suck my
Suck my b
Suck my ba
Suck my bal
Suck my ball
Suck my balls
Suck my balls P
Suck my balls Pa
Suck my balls Pal
Suck my balls Pala
Suck my balls Palan
Suck my balls Palant
Suck my balls Palanti
Suck my balls Palantir
This is my home in Kashmir right on the banks of River Jhelum. The place I took my first steps, spoke my first words. Gone since the 1990 Genocide. A Muslim family lives there illegally. I have tried for 2.5 years, submitted all papers to the Govt but every time, local officials say 'No home at that address'.
My mother still clutches the old key. Please help. Share and amplify my plea. Maybe, one day, justice will return our world to us. 🙏🏼🕉️🚩
🦔 Researchers at Aikido Security found 151 malicious packages uploaded to GitHub between March 3 and March 9. The packages use Unicode characters that are invisible to humans but execute as code when run. Manual code reviews and static analysis tools see only whitespace or blank lines. The surrounding code looks legitimate, with realistic documentation tweaks, version bumps, and bug fixes. Researchers suspect the attackers are using LLMs to generate convincing packages at scale. Similar packages have been found on NPM and the VS Code marketplace.
My Take
Supply chain attacks on code repositories aren't new, but this technique is nasty. The malicious payload is encoded in Unicode characters that don't render in any editor, terminal, or review interface. You can stare at the code all day and see nothing. A small decoder extracts the hidden bytes at runtime and passes them to eval(). Unless you're specifically looking for invisible Unicode ranges, you won't catch it.
The researchers think AI is writing these packages because 151 bespoke code changes across different projects in a week isn't something a human team could do manually. If that's right, we're watching AI-generated attacks hit AI-assisted development workflows. The vibe coders pulling packages without reading them are the target, and there are a lot of them. The best defense is still carefully inspecting dependencies before adding them, but that's exactly the step people skip when they're moving fast. I don't really know how any of this gets better. The attackers are scaling faster than the defenses.
Hedgie🤗
https://t.co/XQ8Eqs1QOA