
GridPlus
3.4K posts

GridPlus
@gridplus
The world's first secure touchscreen hardware wallet. Complete solutions for secure signing, key storage, and backups. Engineered and manufactured in the USA.







#150 - Nico Gallardo - Octant x.com/i/broadcasts/1…



🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that: • Deobfuscates embedded payloads and operational strings at runtime • Dynamically loads fs, os, and execSync to evade static analysis • Executes decoded shell commands • Stages and copies payload files into OS temp and Windows ProgramData directories • Deletes and renames artifacts post-execution to destroy forensic evidence If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.






✨LUNAR NEW YEAR SALE IS LIVE 🧧 To celebrate new beginnings in the Year of the Fire Horse, we’re dropping a $100 discount on the Lattice1. 🎁 Each Lattice1 pack includes 3 free SafeCards. ⏳ 7 days only. Shop at gridplus.io. No code needed.






