Yuval Itzchakov

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that: • Deobfuscates embedded payloads and operational strings at runtime • Dynamically loads fs, os, and execSync to evade static analysis • Executes decoded shell commands • Stages and copies payload files into OS temp and Windows ProgramData directories • Deletes and renames artifacts post-execution to destroy forensic evidence If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.

@VictorTaelin Does anyone have an equivalent working flow for Android? Currently using tmux + Termius + tailscale, but using Termius on mobile with the keyboard layout doesn't play nicely for me and feels cumbersome.

I think I found my hands-free vibe coding setup it is simple: there is an app called Moshi, which is like Termius - it allows me to access my Mac Mini via SSH - except, instead of a big keyboard taking 50% of the screen, it has a minimal clean interface with a mic button that transcribes my voice (via Whispr) into shell commands that way, I just SSH into my machine, type 'claude' or 'codex', and start sending commands or asking questions. I managed to quickly clone Bend2, build it, run the tests, edit files, and ask it to show me functions. simple, efficient and it just works (the app is a bit buggy tho) it is quite mind-blowing to realize that I don't really need a notebook to code anymore, I can actually do anything from my phone while I walk a dog, and that feels very liberating

Today we are launching @openwork_ai, an open-source (MIT-licensed) computer-use agent that’s fast, cheap, and more secure. @openwork_ai  is the result of a short two-day hackathon our team decided to hack, which brings together some of our favorite open source AI modules into one powerful agent, to allow you to: 1. Bring your own model/API key (any provider and model supported by @opencode is supported by Openwork) 2. ~4x faster than Claude for Chrome/Cowork, and much more token-efficient, powered by dev-browser by @sawyerhood (legend) 3. More secure - contrary to Claude for Chrom/Cowork, does not leverage the main browser instance where you are logged into all services already. You login only to the services you need. This significantly reduces the risk of data loss in case of prompt injections, to which computer-use agents are highly exposed. 4. Free and 100% open-source! You can download the DMG (macOS only for now) or fork the github repo via the link in bio (@openwork_ai). Let us know what you think (or better, send a pull request)!

@Cyburgerim בהחלט

שואל ברצינות: יש קשב/עניין לפוסט *5 דקות קריאה* שמתחיל ככה? "הצד שלי ב SolarWinds: השמשת שיטה חדשה למציאת חשיפה לחולשות שונדורים וחוקרים פספסו, גילוי מאות ארגונים (כולל F500) שחשבו שהם פיקס אבל נפגעו, responsible disclosure, עבודה עם CERTs ברחבי העולם והוקרה ממערך הסייבר הלאומי"

@gwenshap @shaiyallin שעה?

שבת שלום ל #פידטק ישראל! שבת עוד שבועיים, 25 לאוקטובר, בשניט (רחוב הארבע ת״א). אני ו @shaiyallin עושים טוויטאפ. בירה טובה וגיקים טובים עוד יותר. אתם מוזמנים להצטרף 🥰 🍻🍺

המסביר האפקטיבי ביותר בנוגע להתגוננות האזרחים בעורף התגלה במקרה במהלך השידור מבת ים הבוקר.

@Cyburgerim @LaviAlon 👑👑👑

Guardz · $56m (total $84m) 🎉

we've been hard at work improving @cursor_ai Agent, allowing you to delegate more tasks and let it work alongside you agent works just like a human developer, with access to your tools, codebase context, and the ability to take actions here's what Agent can do ↓

Israeli actress Gal Gadot shares the news of the hostages’ release to her 108 million Instagram followers. 🎗️

What fuels thriving relationships? #Responsiveness: #Listening, understanding, and supporting each other. In our new chapter, Harry Reis and I present an integrated model of responsiveness and its powerful impact on #connection and well-being. elgaronline.com/edcollchap/boo…

@janekm @MattJamesBoyle @danielmelo_dm @JoseQues_ @MolloyLaurence @iavins You can use the new conditional-write feature in S3 precisely for this aws.amazon.com/about-aws/what…

@MattJamesBoyle @danielmelo_dm @JoseQues_ @MolloyLaurence @iavins Still sounds potentially problematic if there’s a lot of simultaneous requests? A new file might have been created by another request just after you checked.

What's this algorithm called? I store objects in an S3 bucket with sequential numeric filenames: - bucket/ - 0000000001 - 0000000002 ... - 0000004242 Each new object gets an incremented sequence number. I need a way to find the last inserted object, i.e., the object with the highest number. Since S3 can't fetch the last inserted item directly or use reverse-sorted listing, I need to find the latest object without scanning the entire bucket of thousands of items. My idea: I search for objects at exponential intervals (1000th, 10k, 50k, 100k) in parallel. When I find a gap (e.g., 100k missing but 50k exists), I binary search that range (60k, 75k, 90k) until I narrow it to a manageable gap (5-10k objects). Then I use S3's list API to fetch objects from that point. While I feel happy about coming up with this, I am curious to know what this kind of search is called. It looks close to binary search, but with an unknown upper bound.

It's BFCM time again! I wrote my book Leading Snowflakes for new Engineering Managers and it's now 50%-off for all packages leadingsnowflakes.com/?r=crazyweekend Please share if you got value in the past 11 years from SoftwareLeadWeekly.com, LeadingSnowflakes.com, ManagerREADME.com and want to support my work and get free good karma for life.

A new adware campaign, RoxiApp, is making waves with potential info-stealing capabilities. Execution flow: msi -> obs-ffmpeg-mux.exe -> explorer.exe -> PowerShell -> malicous browser extension ⬇️ (1/4) IOCs below

חברים יקרים אני מבקש את עזרת כל אזרח בישראל או בעולם שיעזור לי לשתף את התמונה שבה שנראה עובד של אונר"א, ארגון שמועמד לקבל פרס נובל לשלום, כאשר הוא חוטף את הבן שלי לעזה. בבקשה לשתף ולהעביר בקבוצות תודה קובי סמרנו

הלב שלנו שבוי בעזה BRING THEM HOME NOW

@avivby This.

4/ Change yourself: Perhaps the culprit is not the entire company, but your mindset. Maybe you have what to learn?

Unhappy with your role? Feel like there's a mismatch? Your options:

The Korean people show their love and support for Israel today in downtown Seoul. More than 2000 people attended. Thank you dear friends 🇮🇱🙏🇰🇷 오늘 서울의 중심에서 2천여 명의 한국 국민들께서 이스라엘에 대한 사랑과 지지를 보여주셨습니다. 감사합니다 🇮🇱🙏🇰🇷

#BringThemHome #AmIsraelChai

1🧵 Iran and Israel are unnatural enemies. They have complimentary national interests (energy/technology), a historic cultural affinity (Persians/Jews), and no bilateral land or resource disputes. Their conflict is best understood through the prism of ideology, not geopolitics.

There are Olympic races that are longer than the distance between the Lebanese village of Kfarkela to the Israeli town of Metula.