Rodrigo Moreno

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that: • Deobfuscates embedded payloads and operational strings at runtime • Dynamically loads fs, os, and execSync to evade static analysis • Executes decoded shell commands • Stages and copies payload files into OS temp and Windows ProgramData directories • Deletes and renames artifacts post-execution to destroy forensic evidence If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.

@kmcnam1 pg_strict

Tap to Pay en iPhone ya está disponible con Mercado Pago México 💳 Acepta pagos sin contacto en tu iPhone, sin terminal.

🚀 Estamos contratando en CDMX Busco 2 perfiles Sr: 📊 Científico de Datos 🔧 Ingeniero de Datos ✅ Python + SQL ✅ Pipelines y automatización ✅ Experiencia en retail o consumo masivo ✅ Contratación inmediata CV a 👉 iddar@dbug.mx RT apreciado 🙏

🛑 ALERT - Trivy, a popular open-source vulnerability scanner, was compromised after attackers hijacked 75 version tags in #GitHub Actions to deliver an infostealer. It ran in CI pipelines, stealing creds and tokens, then exfiltrating data or staging it via stolen GitHub PATs. 🔗 Attack flow, impacted versions, fixes → thehackernews.com/2026/03/trivy-…

@grafana Yay! Thank you

@RodMoreno_ Hi there! I think this might help :) community.grafana.com/t/how-to-setup…

Hey @grafana team! 👋 Have you considered building an MCP server for Claude? Would be incredibly powerful to query dashboards, analyze metrics, suggest improvements, and even generate PromQL/LogQL queries through natural language. The observability + AI combo would be 🔥

Hey @namecom! 💡 An MCP server integration would be incredibly useful - imagine brainstorming project names with Claude and instantly checking domain availability, getting suggestions, and even registering them without leaving the conversation 🚀

@F13Lpz @TelefoniasU @Telmex @Telnor @Tecnologo_909 A mi si me dio los 250 simétricos.

@TelefoniasU @Telmex @Telnor @Tecnologo_909 Pues no es simétrico pero alago es algo si subió de 150 a 250 en descarga

Buenas noticias para los usuarios de @Telmex @Telnor Al parecer estan aumentando la velocidad de los paquetes (Esperemos que el costo siga igual) 80 -> 120 100 -> 150 150 -> 250 350 -> 500 Falta confirmacion de los demas planes, gracias a @Tecnologo_909 por el aviso

@agucciverse @meatball_132 The ROM itself couldn’t do it, but the Emulator (Sloop) could. The ROM could write logs, which the Emulator then sent to Nintendo’s services.

@RodMoreno_ @meatball_132 How exactly do you think this data is sent when a GBA rom has no access to the internet?

OK, here's my "the (English) Pokemon FireRed game for the Nintendo Switch system" cursory analysis. First of all, I dumped the game to immediately discover the most sad romfs ever:

@meatball_132 Thank u I’ll look that

@RodMoreno_ This is handled by the Switch OS, not the game, so I don't know exactly, but homebrewers have come up with a list of Nintendo addresses to block when running custom Switch firmware, so you could take a look at that: switch.hacks.guide/files/emummc.t…

@meatball_132 What’s the URL used to collect that data? It would be interesting to block it through AdGuard or Pi-Hole.

Here's something from the emulator code: it sends telemetry about your game progress to Nintendo. There's quite a lot, including some things that aren't pictured, like which Pokemon you have and what level they're each at.

Vercel quejándose de que Cloudflare está poniendo “en peligro Internet” cuando en los últimos 3 meses hemos tenido que actualizar 400 veces NextJS por vulnerabilidades críticas 🙃 El chiste se cuenta solo…

30 años de aventuras, batallas y recuerdos 💛 Guarda la fecha y revive tus combates favoritos ⚡️🎉 ¡No te lo pierdas en #PokémonPorEl7

• CVE-2025-55183 — Source code exposure. • CVE-2026-23864 — Another DoS, CVSS 7.5, January 2026. The glass house was yours, @rauchg.

Interesting timing to lecture about security. In the last 3 months alone, your stack shipped: • CVE-2025-66478 — RCE, CVSS 10.0. Exploited in the wild by nation-state actors. • CVE-2025-55184 — DoS, CVSS 7.5. Initial patch was incomplete, required a 2nd fix.

¿Ya vieron que si era posible usar Vite en NextJS? Sólo no lo han hecho de forma oficial por que empresa del triangulo los quiere seguir sacando dinero.

@RodMoreno_ あなたが出会ったのは、このポケモン！ キャンペーンへのご参加ありがとうございました！ 30周年ロゴアイコンをランダムでプレゼント🎁

どんな #ポケモン会えるかな ？ #ポケモン30周年 #PR @poke_times

@985noticias @AbbeyKingsley @cecilia48710561 @BJAlcaldia Podemos irlos reportando en Locatel en la app CDMX, como reporte urbano SUAC

@AbbeyKingsley @cecilia48710561 @BJAlcaldia Hay muchos vehículos viejos o abandonados, y extrañamente no los levantan

Si la alcaldía @BJAlcaldia puede pedir apoyo de Subsecretaria de transito para quitar autos viejos, puede pedir apoyo para liberar banquetas de autos estacionados, no se yo digo, o aqui no porque a quien estorban es a peatones y no a automovilistas? 🤔