Reading List

The most recent articles from a list of feeds I subscribe to.

Axios, Super Popular NPM Package, Was Compromised in Attack on the Module’s Maintainer

StepSecurity:

If you have installed axios@1.14.1 or axios@0.30.4, assume your system is compromised.

There are zero lines of malicious code inside axios itself, and that’s exactly what makes this attack so dangerous. Both poisoned releases inject a fake dependency, plain-crypto-js@4.2.1, a package never imported anywhere in the axios source, whose sole purpose is to run a postinstall script that deploys a cross-platform remote access trojan. The dropper contacts a live command-and-control server, delivers separate second-stage payloads for macOS, Windows, and Linux, then erases itself and replaces its own package.json with a clean decoy. A developer who inspects their node_modules folder after the fact will find no indication anything went wrong.

This was not opportunistic. It was precision. The malicious dependency was staged 18 hours in advance. Three payloads were pre-built for three operating systems. Both release branches were poisoned within 39 minutes of each other. Every artifact was designed to self-destruct. Within two seconds of npm install, the malware was already calling home to the attacker’s server before npm had even finished resolving dependencies. This is among the most operationally sophisticated supply chain attacks ever documented against a top-10 npm package.

Could be my bigotry against JavaScript speaking, but I find it unsurprising that this happened to the same framework that this and this happened to.

How to get the Righteous Verdict sword in Crimson Desert

Where to find the Righteous Verdict two-handed sword in Crimson Desert and how to access the secret room where this weapon is hidden.

Mental health startup Kintsugi is shutting down and open-sourcing its AI tech to detect depression and anxiety, after failing to secure FDA clearance (Robert Hart/The Verge)

Robert Hart / The Verge:
Instead, a mental health startup shut down and open-sourced its tech. … For the past seven years, the California-based startup Kintsugi …

Artemis II Mission Fails After Astronauts Miss Connection Rocket In Atlanta

ATLANTA—Forced to call off the approximately $4 billion journey around the moon due to unforeseen delays experienced by its four-member crew, NASA confirmed Thursday that the Artemis II mission failed Thursday after astronauts missed their connecting flight in Atlanta. “We thought we had enough time to stop for a Cinnabon, but before we knew it, […]

The post Artemis II Mission Fails After Astronauts Miss Connection Rocket In Atlanta appeared first on The Onion.

How to get the Silver Fang mount in Crimson Desert

Here's how to unlock the 'Legendary Wolf' quest, defeat Black Fang, and find Silver Fang to get the Silver Fang mount in Crimson Desert.