nay

🚨CRITICAL: Axios got hacked. here's what happened: → attacker hijacked a lead maintainer's npm account → swapped the email to an anonymous protonmail → bypassed GitHub Actions entirely → manually pushed axios@1.14.1 via npm CLI the malicious version injects plain-crypto-js@4.2.1 a package that didn't exist before yesterday. it's a full RAT dropper, one npm install and it: → runs a postinstall script silently → detects your OS (mac, windows, linux) → downloads a platform-specific payload → deletes itself after execution → replaces its own package.json with a clean decoy you check your node_modules after, everything looks normal, but the damage is already done. axios has 100M+ weekly downloads, this isn't some random package, it's in almost every JS project you've ever touched (including me) if you use axios: → pin your version to 1.14.0 or below → audit your lockfiles right now → do NOT run npm install with latest → check if plain-crypto-js exists in your node_modules this is the most sophisticated npm supply chain attack we've seen on a top-10 package. stop trusting npm install blindly.

NEW: @pudgypenguins ANNOUNCES THAT PUDGY WORLD, ITS FREE TO PLAY BROWSER-BASED GAME, IS NOW LIVE

Introducing Tracks At The World's Largest Crypto Festival Bali, 20-21 August 2026 Get Tickets Now at coinfest.asia