R-Sync 同期🦀🗿

In the next 10 years you’ll need to know how works with AI, robotic and computer quantum. Everything will work together

A Context.ai employee's machine got hit by an infostealer on February 17. Three months later, ShinyHunters announced they had breached Vercel. Vercel Breach Potentially Traced Back to Infostealer Malware: whiteintel.io/blog/vercel-br…

‼️Vercel Breach Traced to Suspected February Infostealer Infection at Context.ai 👇

BREAKING: Vibe-coding platform Lovable reportedly suffered a breach that exposed users’ AI chat histories, source code, & database credentials.

Our investigation has revealed that the incident originated from a third-party AI tool with hundreds of users whose Google Workspace OAuth app was compromised. We recommend that Google Workspace Administrators check for usage of this app immediately. #indicators-of-compromise-iocs" target="_blank" rel="nofollow noopener">vercel.com/kb/bulletin/ve…

VERCEL GOT HACKED ShinyHunters - the group behind the Ticketmaster breach - is selling Vercel's internal database for $2M on BreachForums here's why every developer should care: - they have NPM tokens and GitHub tokens - Vercel owns Next.js - 6 million weekly downloads - one malicious push = global supply chain attack - Vercel confirmed the breach today, April 19 - they literally DMed the hackers on Telegram asking them to stop rotate your env variables RIGHT NOW

We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems, impacting a limited subset of customers. Please see our security bulletin: vercel.com/kb/bulletin/ve…

@ClaudeDevs is now on X.

In Greek mythology, Atlas held up the world and invented navigation. Now, Atlas is live on Rootstock. 🟠 One interface for every core route in. 🟠 Compare by speed, cost, and trust assumptions. 🟠 Execute in a single guided flow. Get started at 👉 atlas.rootstock.io

📢 ZERO SIGN UP, FREE FOREVER, MALWARE PROTECTION. npm i -g sfw sfw npm install sfw pnpm install sfw yarn install sfw cargo fetch sfw uv pip install socket.dev/blog/introduci…

There is a project on GitHub called Axios. Axios is extremely popular. It is used by millions upon millions of applications. Axios is a programming library that helps your JavaScript code make HTTP/S requests (communicate with websites). In simple terms, if you're a programmer doing something with JavaScript, and want to do stuff that communicates with a website in literally any capacity, people heavily recommend using Axios due to its simplicity. Using Axios you don't have to reinvent the wheel and do a bunch of work. All you need to do is import Axios into your code and you're off to the races. Someone (currently unknown) compromised Axios (currently unknown how) to deliver malware to people. When someone updates or installs Axios, Axios itself contains malware. What the malware does is (currently) unknown, but it is being reversed engineered by probably every malware analyst on the planet at this moment. In a few hours more details will emerge. Information is being exchanged in real time on social media and private communication platforms as I write this. Due to the size and popularity of Axios, it is unknown how many are impacted, it could be millions, it could be thousands, or if we're lucky, only hundreds of people or organizations will be impacted. If this is absolute worst case scenario, millions of organizations across the planet have been infected with malware which (currently) we do not understand. However, the likelihood of this is low. It appears Axios being compromised was detected quickly, potentially within minutes (or hours) of it being compromised to deliver malware. Additionally, the likelihood of every single Axios user updating Axios as soon as it was compromised to deliver malware is astronomically low. It is basically zero. The impact from Axios being compromised is devastating, the fallout from this will be a massive headache. This is unironically a malware nuclear missile and will likely be studied in the future.

Claude Code just got open sourced again!

🚨‼️ MAJOR SUPPLY CHAIN ATTACK: npm package axios is compromised after the maintainer's npm account was hijacked. Malicious versions contain a Remote Access Trojan. axios has 100M+ weekly downloads — it's in practically everything. If you have installed axios@1.14.1 or axios@0.30.4, assume compromise.

Claude code source code has been leaked via a map file in their npm registry! Code: …a8527898604c1bbb12468b1581d95e.r2.dev/src.zip

🚨 Active supply chain attack on axios@1.14.1. The latest version pulls in plain-crypto-js@4.2.1 -- a brand-new package that didn't exist before today. Socket's AI analysis flags it as a malicious obfuscated dropper: runtime deobfuscation, dynamic execSync loading, payload staging to temp/ProgramData directories, and post-execution artifact deletion. Consistent with supply chain malware. We're still investigating. If you use axios, pin your version and audit your lockfile.

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that: • Deobfuscates embedded payloads and operational strings at runtime • Dynamically loads fs, os, and execSync to evade static analysis • Executes decoded shell commands • Stages and copies payload files into OS temp and Windows ProgramData directories • Deletes and renames artifacts post-execution to destroy forensic evidence If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.

AI and bots have officially taken over much of the internet, according to a new report. HUMAN Security's 2026 State of AI Traffic & Cyberthreat Benchmark Report finds that in 2025: - Automated traffic grew 23.51% year over year - Human traffic grew 3.10% year over year - AI-driven traffic grew 187% from January to December - AI agent traffic grew 7,851% year over year

GitHub is updating its policy and will start using your code and data to train AI using Copilot. From April 24, your Copilot chats will be used by default to train their AI models. This includes your prompts, the code it suggests, and related context. Deactivate it ASAP.

No CBDC Not now Not ever

Republicans aren’t banning CBDCs, they’re redesigning them. Same surveillance, same control, just routed through banks so Wall Street gets its cut. It’s a revenue-sharing agreement. We need to reject this.

BREAKING: 🇺🇸 $4 TRILLION mortgage lender Fannie Mae to accept Bitcoin as collateral on home loans for the first time — WSJ