2/ i wrote a short-ish "note" over on The Blogging Site That Shall Not Be Named in an attempt to explain to the less technologically sophisticated people in the audience what just happened with the #nx / #npm supply chain attack.

* my simplified explanation: https://substack.com/profile/96801203-michel-de-cryptadamus/note/c-149738571
* for the trve heads with opinions on things like linux distros and the Rust programming language, Wiz wrote a much more thorough explanation: https://www.wiz.io/blog/s1ngularity-supply-chain-attack

#crypto #cryptocurrency #nodejs #node #threatintel #northkorea #lazarusgroup#DPRK #hackers #hacking #ethereum #claude #gemini

everyone calm down, the enormous #NPM supply chain attack of the incredibly popular (27,000 #github stars) #nx#AI build tool thingamajig is probably aimed solely at crypto bros. if you don't have any crypto you (hopefully) don't have anything to worry about.

my fact free, completely unsupported by evidence hunch is that we will find this came from #NorthKorea (because if it's a well orchestrated attempt to steal a bunch of crypto it's pretty much always north korea).

https://universeodon.com/@cryptadamist/115102035321832152

#crypto #cryptocurrency #ethereum #npm #nodejs #node #js#javascript#webdev#DPRK#LazarusGroup #cybersecurity #infosec #threatintel #claude #gemini

2/ i wrote a short-ish "note" over on The Blogging Site That Shall Not Be Named in an attempt to explain to the less technologically sophisticated people in the audience what just happened with the #nx / #npm supply chain attack.

* my simplified explanation: https://substack.com/profile/96801203-michel-de-cryptadamus/note/c-149738571
* for the trve heads with opinions on things like linux distros and the Rust programming language, Wiz wrote a much more thorough explanation: https://www.wiz.io/blog/s1ngularity-supply-chain-attack

#crypto #cryptocurrency #nodejs #node #threatintel #northkorea #lazarusgroup#DPRK #hackers #hacking #ethereum #claude #gemini

Oh look! Another #npm postinstall malware.

Amazing this security hole still hasn't been patched for over a decade now.

https://www.stepsecurity.io/blog/supply-chain-security-alert-popular-nx-build-system-package-compromised-with-data-stealing-malware

everyone calm down, the enormous #NPM supply chain attack of the incredibly popular (27,000 #github stars) #nx#AI build tool thingamajig is probably aimed solely at crypto bros. if you don't have any crypto you (hopefully) don't have anything to worry about.

my fact free, completely unsupported by evidence hunch is that we will find this came from #NorthKorea (because if it's a well orchestrated attempt to steal a bunch of crypto it's pretty much always north korea).

https://universeodon.com/@cryptadamist/115102035321832152

#crypto #cryptocurrency #ethereum #npm #nodejs #node #js#javascript#webdev#DPRK#LazarusGroup #cybersecurity #infosec #threatintel #claude #gemini

Introducing #Upyo!

A simple, cross-runtime email library that works seamlessly on #Deno, #Node.js, #Bun, and edge functions. Zero dependencies, unified API, and excellent testability with built-in mock transport.

Switch between #SMTP, #Mailgun, #SendGrid without changing your code. Available on #JSR & #npm!

https://upyo.org/

Introducing #Upyo!

A simple, cross-runtime email library that works seamlessly on #Deno, #Node.js, #Bun, and edge functions. Zero dependencies, unified API, and excellent testability with built-in mock transport.

Switch between #SMTP, #Mailgun, #SendGrid without changing your code. Available on #JSR & #npm!

https://upyo.org/