2 x Father, Engineer, casual MTB Rider. Interests: Computer science, engineering, gamedev, crypto trading, entrepreneurship & deep space. Langs: ES / EN / CAT

Joined November 2009
Sergi Ortega M. retweeted
North Korean intelligence agents built an entire fake company to compromise one JavaScript developer. And it worked.

UNC1069 didn't hack Axios. They befriended its maintainer. They cloned a real company founder's identity, built a branded Slack workspace with fake employee profiles and LinkedIn post channels, then scheduled a Microsoft Teams call with what appeared to be a full team. During the call, a fake error message said his system needed an update. He installed it. That update was the RAT.

From one developer's laptop, they had everything: npm credentials, publishing access, the keys to a package installed in 80% of cloud environments. Axios gets 100 million downloads per week.

The attackers published two poisoned versions at 12:21 AM UTC on a Sunday night, tagging both the latest and legacy branches within 39 minutes. The malicious dependency had been pre-staged 18 hours earlier with a clean decoy version to build registry history. Three separate RAT payloads were pre-built for macOS, Windows, and Linux. The malware self-deleted after execution to erase forensic evidence.

The poisoned versions were live for about three hours before npm pulled them. Huntress observed 135 endpoints across all operating systems calling the attacker's command-and-control server during that window. Wiz found the malicious versions in roughly 3% of environments scanned. Every affected machine needs full credential rotation: npm tokens, AWS keys, SSH keys, CI/CD secrets, everything in .env files.

The part that keeps getting worse: this isn't isolated. The same threat cluster compromised Trivy (a security scanner), KICS, LiteLLM, and multiple GitHub Actions in the two weeks before Axios. Google estimates hundreds of thousands of stolen secrets are now circulating from these combined attacks.

The maintainer had 2FA enabled. He said himself: "I have 2FA/MFA on practically everything." The exact method of token compromise is still undetermined.

One person. One fake Teams call. 100 million weekly downloads weaponized in under three hours. The npm ecosystem runs on mass trust in individual maintainers who volunteer their time, and North Korean intelligence now has a repeatable playbook for turning that trust into a delivery mechanism.
How Axios was compromised 🤯
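The post above says the poisoned versions were tagged on both the latest and legacy release lines, so a caret range in package.json would resolve to them on any fresh install; what actually matters is which versions your lockfile pins, including nested copies pulled in by other dependencies. The following is an added example written for this page, not code from the post or from the Axios project: it walks an npm lockfile (lockfileVersion 2 or 3, the "packages" map keyed by node_modules path) and reports every installed copy of a package, flagging any on a blocklist. The post names no version numbers, so the blocklist entries and the sample lockfile are placeholders constructed here; fill the blocklist from the official advisory.

```python
"""Added example (not part of the retweeted post): find every copy of a
package pinned in an npm lockfile and flag versions on a blocklist.

Assumptions: package-lock.json is lockfileVersion 2 or 3, i.e. it has a
"packages" map keyed by the node_modules path of each installed package.
The blocklist is a placeholder; the post names no version numbers.
"""
import json

PACKAGE = "axios"

# Placeholder versions, NOT the real ones: replace with the versions
# named in the official advisory before using this against a project.
BLOCKED_VERSIONS = {"0.0.0-example-bad-latest", "0.0.0-example-bad-legacy"}

# Constructed sample lockfile. It has a top-level axios and a second,
# nested copy installed under another dependency; the nested copy is
# easy to miss if you only look at the top-level node_modules entry.
SAMPLE_LOCK = json.dumps({
    "name": "demo",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"axios": "^1.0.0", "some-sdk": "2.0.0"}},
        "node_modules/axios": {
            "version": "0.0.0-example-bad-latest",
            "resolved": "https://registry.npmjs.org/axios/-/axios-0.0.0-example-bad-latest.tgz",
        },
        "node_modules/some-sdk": {
            "version": "2.0.0",
            "dependencies": {"axios": "^0.28.0"},
        },
        "node_modules/some-sdk/node_modules/axios": {"version": "0.28.1"},
    },
})


def find_package_copies(lock_text, name):
    """Return [(node_modules_path, version)] for every installed copy of
    `name`, top-level and nested. Scoped names (@scope/pkg) work because
    the lockfile path ends in "node_modules/@scope/pkg" as well."""
    lock = json.loads(lock_text)
    packages = lock.get("packages")
    if packages is None:
        # lockfileVersion 1 uses a nested "dependencies" tree instead.
        raise ValueError("lockfileVersion 1 not supported; regenerate with npm >= 7")
    copies = []
    for path, entry in packages.items():
        if path.endswith("node_modules/" + name):
            copies.append((path, entry.get("version")))
    return copies


def flagged_copies(lock_text, name, blocked):
    """Subset of find_package_copies whose pinned version is on the blocklist."""
    return [(p, v) for p, v in find_package_copies(lock_text, name) if v in blocked]


if __name__ == "__main__":
    # Run against a real project: python check_lock.py < package-lock.json
    import sys
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOCK
    for path, version in find_package_copies(text, PACKAGE):
        status = "BLOCKED" if version in BLOCKED_VERSIONS else "ok"
        print(f"{status:8} {version:<26} {path}")
```

Run it once per repository and once per CI cache; a clean package.json range says nothing about what the lockfile resolved to during the three-hour window, and a hit means the credential rotation the post lists, not just a reinstall.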
Sergi Ortega M. retweeted
Name the game
Sergi Ortega M. retweeted
Happiness is peace, not pleasure. - Will Smith
That's so true 🤣
6 Jun 2024
Developers using NextJS, Clerk, Prisma, Tailwind, shadcn, Stripe, tRPC, Zod, Perl, Python, Edge Functions Supabase for their 0-user side projects
This is what Starlink was intended for.
Today I received and set up a @Starlink kit with the roaming plan. I have to say that I'm really impressed by the speed, latency and stability of the service. Getting an average of: ⬇️250 Mbps ⬆️35 Mbps 🕔 30 ms latency Really good job, Starlink Team!
Sergi Ortega M. retweeted
Swap alcohol for water. Swap Netflix for podcasts. Swap complaining for gratitude. Swap spending money for investing. Swap staying up late for getting up early. Swap influencers for creators. Swap overthinking for action. Swap toxic friends for mentors.
Alone day, Godot day! Time to dive into the manual! 📔
Decompiling and reverse engineering a Godot game is a trivial task. If you're looking to increase the difficulty of this process, check out this awesome guide which provides useful tips to protect your project: godot.community/topic/35/pro… #GodotEngine

Sergi Ortega M. retweeted
“Solitude is for me a source of healing that makes life worth living. Talking is often a torment for me, and I need many days of silence to recover from the futility of words.” - Carl Jung
If you have an old laptop, install Chromebook and give it to your kids. Tip: Use Google Family Link to control what they can do, restrict access to dangerous stuff and control the time they spend in front of screens. They'll boost their tech skills effortlessly.
Sergi Ortega M. retweeted
I found a guy who goes around the US asking 70 to 100-year-olds their: • Biggest Regrets • Biggest Lessons • Advice to their younger self Oddly enough, most of their answers are the same… Here are my top 8:
#GodotEngine is today what Blender is compared to 3DSMax or Maya: an open-source tool with enormous power and quality, capable of competing with closed-source tools. If you're like me, a solo dev who prioritizes speed and dev experience: Godot > Unity 💫
Careful! I'm not saying Godot is better in every respect. I like it more for certain specific points. On other points Unity wins hands down. But my view is that in the future, as the Godot community grows, newly founded studios will adopt it as their main engine.
Playing Tetris after a traumatic event can help prevent post-traumatic stress symptoms.
Interesting... seen on Linkedin.
Sergi Ortega M. retweeted
What's the biggest lie you tell yourself?
During my limited spare time, I challenged myself by creating games using Unity. I recently developed a card game inspired by Marvel Snap. Today, while exploring the @godotengine , I fell in💖with it. Now, I have a new toy to learn and enjoy🤖
Sergi Ortega M. retweeted
I believe this is still the best thinking room for a developer 😁