Tweet fixado
I used to work 10hrs a day
But thanks to AI
Now I work 14hrs a day
GIF
English
Tejash Mishra
1.2K posts
Tejash Mishra
@hellotejash
Into : AI ML and building : Neural AI (incubated at IIT Madras)
GPU centre Entrou em Ocak 2026
119 Seguindo166 Seguidores
Total 188 verbs Claude code uses
Anthropic engineers must be contemplating today
English
@IndianTechGuide It should’ve been released before Valentine’s Day
This isn’t the right time to launch it
English
🚨 Indian fitness brand Beast Life has announced the world's first protein condom, sparking viral debate online just days before April Fool's Day.
English
@alexinexxx Claude code really forgot what shipping means….... ended up shipping itself
English
in one week
>npm axios attack
>claude code leak
>FBI director’s gmail hacked
great time to be in security rn
English
Claude code source code has been leaked via a map file in their npm registry!
Code: …a8527898604c1bbb12468b1581d95e.r2.dev/src.zip
English
Tech bros say the name Claude more than their girlfriend’s name these days
English
Tejash Mishra retweetou
New supply chain attack this time for npm axios, the most popular HTTP client library with 300M weekly downloads.
Scanning my system I found a use imported from googleworkspace/cli from a few days ago when I was experimenting with gmail/gcal cli. The installed version (luckily) resolved to an unaffected 1.13.5, but the project dependency is not pinned, meaning that if I did this earlier today the code would have resolved to latest and I'd be pwned.
It's possible to personally defend against these to some extent with local settings e.g. release-age constraints, or containers or etc, but I think ultimately the defaults of package management projects (pip, npm etc) have to change so that a single infection (usually luckily fairly temporary in nature due to security scanning) does not spread through users at random and at scale via unpinned dependencies.
More comprehensive article:
stepsecurity.io/blog/axios-com…
Feross@feross
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that: • Deobfuscates embedded payloads and operational strings at runtime • Dynamically loads fs, os, and execSync to evade static analysis • Executes decoded shell commands • Stages and copies payload files into OS temp and Windows ProgramData directories • Deletes and renames artifacts post-execution to destroy forensic evidence If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
English
Can’t believe I spent years learning all the Tailwind class names just to have AI write them for me
English
@Dominos_UK Hey @KITKAT I think dominos stole it for launching their new pizza
English
@ProtonMail So that means you actually know who stole it?
Privacy concern
English
From: ████
To: ███████
Subject: Huge KitKat (12T) opportunity I just stumbled upon
███████████████████████████████████████████████████████████████████████
Sent with Proton Mail secure email.
English