This too shall pass. Used to tweet about programming and infosec. Likes people, science, and music. Swedish & English. jonelf @ Keybase • jonelf.89 @ Signal

Joined December 2008
Pinned Tweet
10 Sep 2015
Replying to @jonelf
e=->k,t{j=q=w=0;s=*0..l=256;l.times{|i|j+=s[i]+k[i];s[i],s[j]=s[j%=l],s[i]};t.map{|c|w+=s[q+=1];s[q],s[w]=s[w%=l],s[q];c^s[(s[q]+s[w])%l]}}

Jonas retweeted
"Just because we lose to Mjällby in the cup final doesn't mean we're the worst team in the world. And just because we beat MFF doesn't mean we're the best team in the world. I usually tell the young players in the squad: keep your feet on the ground & work hard" - Besara ❤️
Jonas retweeted
🚨 Another major supply chain incident 🚨 axios — one of the most widely used npm packages — has been compromised. Malicious versions axios@1.14.1 and axios@0.30.4 were published and are actively dropping malware. The attack pulls in a newly created dependency plain-crypto-js@4.2.1, confirmed as a malicious loader: it executes obfuscated payloads, runs shell commands, and attempts to evade detection while wiping traces. With 100M weekly downloads, this is a live, large-scale supply chain attack. More details: stepsecurity.io/blog/axios-c…
Mar 31
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that: • Deobfuscates embedded payloads and operational strings at runtime • Dynamically loads fs, os, and execSync to evade static analysis • Executes decoded shell commands • Stages and copies payload files into OS temp and Windows ProgramData directories • Deletes and renames artifacts post-execution to destroy forensic evidence If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
Jonas retweeted
New supply chain attack this time for npm axios, the most popular HTTP client library with 300M weekly downloads. Scanning my system I found a use imported from googleworkspace/cli from a few days ago when I was experimenting with gmail/gcal cli. The installed version (luckily) resolved to an unaffected 1.13.5, but the project dependency is not pinned, meaning that if I did this earlier today the code would have resolved to latest and I'd be pwned. It's possible to personally defend against these to some extent with local settings e.g. release-age constraints, or containers or etc, but I think ultimately the defaults of package management projects (pip, npm etc) have to change so that a single infection (usually luckily fairly temporary in nature due to security scanning) does not spread through users at random and at scale via unpinned dependencies. More comprehensive article: stepsecurity.io/blog/axios-c…
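The lockfile audit and pinning check that the posts above recommend, as an added example (not code from any of the quoted accounts or from npm): it scans the `packages` map of a lockfileVersion 2/3 `package-lock.json` for the versions the posts name and lists unpinned ranges declared for those packages. The sample lockfile and the `some-cli` package are constructed for illustration.

```javascript
// Blocklist taken from the posts above: package name -> versions reported as malicious.
const BAD = new Map([
  ["axios", ["1.14.1", "0.30.4"]],
  ["plain-crypto-js", ["4.2.1"]],
]);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; the root entry "" -> null.
function nameFromPath(path) {
  const i = path.lastIndexOf("node_modules/");
  return i === -1 ? null : path.slice(i + "node_modules/".length);
}

// Audits a parsed lockfileVersion 2/3 document and returns { hits, unpinned }.
function auditLock(lock) {
  const hits = [];
  const unpinned = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Installed copies, including nested ones that `npm ls` output is easy to misread.
    const name = entry.name || nameFromPath(path);
    if (name && (BAD.get(name) || []).includes(entry.version)) {
      hits.push({ path, name, version: entry.version });
    }
    // Declared ranges for watched packages: anything other than a plain x.y.z can
    // float to a newer release on an install that does not honour the lockfile.
    const declared = { ...entry.dependencies, ...entry.optionalDependencies };
    for (const [dep, range] of Object.entries(declared)) {
      if (BAD.has(dep) && !/^\d+\.\d+\.\d+$/.test(range)) {
        unpinned.push({ declaredBy: path || "(root)", dep, range });
      }
    }
  }
  return { hits, unpinned };
}

// Constructed sample lockfile (not taken from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { axios: "^1.13.0", "some-cli": "1.0.0" } },
    "node_modules/axios": { version: "1.13.5" },
    "node_modules/some-cli": { version: "1.0.0", dependencies: { axios: "^1.14.0" } },
    "node_modules/some-cli/node_modules/axios": { version: "1.14.1" },
    "node_modules/plain-crypto-js": { version: "4.2.1" },
  },
};

console.log(JSON.stringify(auditLock(sampleLock), null, 2));
```

To run it against a real project, replace `sampleLock` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`.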
3 Dec 2025
I'm jinxing it now, but Sunderland are really standing up well against Liverpool
3 Dec 2025
Getting a draw at Anfield is definitely a decent result
29 Aug 2025
Sold
Jonas retweeted
I'm almost never on here, but if the algorithms make you see this: I'm looking for new assignments! I can do TV, radio, podcasts, write all sorts of things and make coffee. So if you want to work with me or just say hi: get in touch. Interested in everything! RT=love!
6 Aug 2025
Still a KeePass user
11 Dec 2011
Installing KeePass 2 and will probably let Nullsoft SafeSex down after all these years. keepass.info 1014.org/code/nullsoft/safes…
14 Jul 2025
Unfortunately it feels like these four points could be hard to make up and overtake. #Bajen
5 Jul 2025
What the hell did the VAR room say to Olofsson when it wasn't even a yellow?!
5 Jul 2025
Not okay that we get worse when Värnamo have a player sent off #hammarby
26 May 2025
BESARA!!! 💚🤍
26 May 2025
This thing where we completely dominate the matches but don't score is starting to get really frustrating!
14 May 2025
BESARA!
4 May 2025
Very good atmosphere at Dickens now. #hammarby #besara
1 May 2025
Yesss! 💚🤍
Jonas retweeted
How about a waltz? #Bajen
Jonas retweeted
INSANE SUPPORTER TURNOUT FOR HAMMARBY MARCH TO MATCH IN SWEDEN. Fans showed up for the Stockholm side's season-opener after Bajen came in 2nd last season 🙌

26 Mar 2025
Now a friend of my daughter's got in touch and asked if it's still available. If you happen to have a spare standing ticket (we have D), please do get in touch!
26 Mar 2025
Replying to @jonelf
It's sold.
24 Mar 2025
I have a spare standing ticket, D, for Kent's concert on Thursday. Available for the purchase price, 999.
26 Mar 2025
It's sold.