Firdous

6.1K posts

@iamfirdouss

Cloud • AI • Open Source • Research

why are you asking for location? Joined October 2018
226 Following · 459 Followers
Pinned Tweet
Firdous@iamfirdouss·
I’ll do great things, In Sha Allah
0
0
8
4.2K
Firdous retweeted
NASA Artemis@NASAArtemis·
"We are fortunate to be in this agency at this time together." Artemis II pilot Victor Glover expresses gratitude for everyone who supported him throughout his lunar mission.
353
3.1K
23.1K
898.1K
Firdous retweeted
𝑲𝒉𝒂𝒍𝒊𝒍𝒐𝒖𝒍𝒂𝒉
Dear brothers and sisters in Islam, the reciter below has passed away. Please help spread the magnificent recitation of the Quran that he left us.
10
4.1K
7.5K
90.6K
Firdous@iamfirdouss·
@seyedele You should have extra usage? Depends on your subscription plan
0
0
0
928
SB@seyedele·
What is this?
11
0
34
11.4K
boris@boristane·
how am I out of extra usage? 🤔
10
0
15
7.4K
Firdous@iamfirdouss·
For the last few weeks I've been implementing canary, baseline and traffic routing stages for @pipecd_dev Kubernetes multi-cluster plugin which is part of my LFX Mentorship with the CNCF. Wrote about how it works, what surprised me, and what's next: [dev.to/mohammedfirdou…]
0
1
1
49
Firdous retweeted
NASA Solar System@NASASolarSystem·
POV: You're flying by the Moon. This visualization is designed to show you what exactly the Artemis II astronauts will see outside their window during their lunar flyby. Here, the seven-hour visualization is compressed into 28 seconds. ⬇ (1/4)
520
4.6K
31.1K
1.4M
Firdous@iamfirdouss·
@trq212 Got the mail. Thank you🫰🏽
0
0
0
8
Firdous@iamfirdouss·
If you had told me last year that I would be using K8s to solve real problems, I would have laughed it off. Grateful for the journey so far.
0
0
0
47
Firdous retweeted
Anish Moonka@anishmoonka·
A tiny piece of code called axios runs inside almost every app on your phone and every website you visit. Developers download it 100 million times a week. A few hours ago, someone poisoned it with malware that hands an attacker full control of your computer.

If you’ve never heard of axios, that’s normal. It does one boring but important job: it lets apps talk to the internet. When a website pulls up your feed or an online checkout processes your card, axios is probably doing the work underneath. Over 173,000 other code packages plug into it. It’s everywhere.

The attacker stole a lead developer’s login for npm (think of it as an app store, but for code that programmers use to build software). Once inside, they swapped the developer’s email to an anonymous ProtonMail account and uploaded the poisoned version by hand. That jumped past every security check the project normally runs before new code goes live.

And this was not some rushed job. The attacker staged the malware at least 18 hours before pulling the trigger. They built separate versions for Windows, Mac, and Linux. They poisoned both the current version and an older one within 39 minutes of each other, casting the widest net possible. Once the malware ran on a machine, it deleted itself to cover its tracks.

The trick was smart. They never touched a single line of code inside axios itself. Instead, they tucked in a fake add-on called plain-crypto-js, built to pass as a well-known, trusted library. It copied the real library’s description and author info, so nothing looked off at a glance. When a developer installed axios, this fake package quietly ran the malware on its own.

When a smaller package called ua-parser-js got hijacked back in 2021 with about 8 million weekly downloads, the security world treated it like a four-alarm fire. Axios has 100 million. Over 12x the exposure, with 173,000+ packages depending on it.

Socket, the security firm that flagged this, caught it in about 6 minutes. That’s fast. But 6 minutes is still plenty of time for automated systems at companies everywhere to pull and install the bad version before anyone can react.

If you or your team runs axios: lock your version to 1.14.0 (or 0.30.3 for the older branch). Change every password, API key, and access token on any machine that installed the compromised update. And check your network logs for connections to sfrclak dot com or the IP address 142.11.206.73.
Feross@feross

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages.

The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise.

This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now.

Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence

If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.

50
608
3.6K
658.4K
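The lockfile audit both posts above call for, as an added example that is not part of either post or of any tool they mention. It walks a parsed npm `package-lock.json` and flags the indicators the posts name; `lockEntries`, `auditLock` and the sample lockfile are hypothetical names and constructed data.

```javascript
// Added example: audit an npm lockfile for the indicators named in the posts.
const BAD_AXIOS = ["1.14.1"];            // compromised version named in the post
const FAKE_DEP = "plain-crypto-js";      // did not exist before the attack: any version is a hit
const SAFE_PINS = ["1.14.0", "0.30.3"];  // pins recommended in the post

// Yield [name, version, location] for every package in a parsed package-lock.json.
function* lockEntries(lock) {
  // lockfileVersion 2/3: flat "packages" map keyed by install path
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path) continue;                 // "" is the root project itself
    const i = path.lastIndexOf("node_modules/");
    yield [meta.name || (i >= 0 ? path.slice(i + 13) : path), meta.version, path];
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists)
  function* walk(deps, trail) {
    for (const [name, meta] of Object.entries(deps || {})) {
      yield [name, meta.version, `${trail}/${name}`];
      yield* walk(meta.dependencies, `${trail}/${name}`);
    }
  }
  if (!lock.packages) yield* walk(lock.dependencies, "");
}

function auditLock(lock) {
  const findings = [];
  for (const [name, version, where] of lockEntries(lock)) {
    if (name === FAKE_DEP || (name === "axios" && BAD_AXIOS.includes(version))) {
      findings.push({ severity: "compromised", name, version, where });
    } else if (name === "axios" && !SAFE_PINS.includes(version)) {
      // The post says an older release was also poisoned but does not name it,
      // so anything off the recommended pins is queued for manual review.
      findings.push({ severity: "review", name, version, where });
    }
  }
  return findings;
}

// Constructed sample lockfile (not from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.14.1" },
    "node_modules/plain-crypto-js": { version: "4.2.1" },
    "node_modules/legacy/node_modules/axios": { version: "0.27.2" },
    "node_modules/other/node_modules/axios": { version: "1.14.0" },
  },
};
console.log(auditLock(sampleLock));
```

Nested copies matter here: a transitive dependency can carry its own axios under `node_modules/<pkg>/node_modules/`, which a top-level check of `package.json` would miss.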
linuxinator@linuxinator·
Is Claude down?
3
0
3
606