Search results related to "axios"

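Content containing axios
🇺🇸 Breaking: at 3:40 a.m., someone placed a massive $920 million crude oil short. 70 minutes later, Axios reported that the US and Iran were about to reach a deal. Oil prices plunged 12%. The trade netted $125 million. A few minutes later, Iran suddenly announced the establishment of a "Persian Gulf Strait Authority," and oil prices surged 8% again. Before Trump's previous major statement, someone had first placed $760 million in shorts. This time it was $920 million. Every major announcement in this war has been precisely front-run by people who knew the news in advance. What kind of war is this? It looks more like a trading desk with an army.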
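A $920 million crude oil short made a windfall of $125 million in 70 minutes. The logic of this trade lies not in prediction but in precise positioning on the timing of the information flow: 1. 3:40 a.m.: a massive short position is opened. 2. 70 minutes later: Axios reports that the US and Iran are close to a deal. 3. Result: crude oil prices instantly plunge 12%. Profit on this scale depends on completing the position during the vacuum before the news spreads. What to watch next is how long this kind of information gap can persist in the era of automated news feeds.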
If you use the Mac versions of the Codex and ChatGPT clients, upgrade immediately; OpenAI used a poisoned version of axios when signing its apps. cc: @evilcos
We recently identified a security issue involving the third-party developer library Axios that was part of a broader industry incident. We found no evidence that OpenAI user data was accessed, that our systems were compromised, or that our software was altered. Out of an abundance of caution we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps. We are updating our security certifications, which will require all macOS users to update their OpenAI apps to the latest versions. This helps prevent any risk—however unlikely—of someone attempting to distribute a fake app that appears to be from OpenAI. You can update safely through an in-app update or at the official links below. 🧵
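Latest update: Google attributes the axios supply chain attack to the North Korean group UNC1069 🥷🥷 Google Threat Intelligence Group (GTIG) and Mandiant have attributed yesterday's axios supply chain attack to UNC1069, a financially motivated, North Korea-linked hacking group active since 2018 whose past targets have mainly been the cryptocurrency and AI industries. The attribution is based on direct code lineage between the WAVESHAPER.V2 backdoor deployed in this attack and the versions UNC1069 has used historically, and on overlap between the C2 infrastructure (sfrclak[.]com / 142.11.206.73) and records of its past activity.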
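Today's axios supply chain poisoning incident drew considerable attention across the industry, and a little over an hour ago OpenClaw also forcibly pinned the versions of its dependency modules. To give everyone a more tangible sense of the risk, I did a count: OpenClaw's third-party module dependency graph has 1,246 third-party modules and 2,672 dependency paths. That is how many there are… Of course there may be some error in the count, and anything pulled in by third-party Skills was not counted. Pinning dependency versions is a mandatory security practice; otherwise, with 1,246 third-party modules, any one of them being poisoned could take down OpenClaw… Software engineering has never been a simple matter, and however strong AI is, it will still make mistakes, so stay vigilant. If you want to play around, do it on a separate device 🌊 so you don't get wiped out in one go…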
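@evilcos I upgraded to OpenClaw version 3.28 this morning and have already been hit:
• axios@1.14.1 is located in the global path: ~/.npm-global/lib/node_modules/openclaw/node_modules/axios (used by OpenClaw's internal dependencies).
• axios@0.30.4 was not found in global npm or the current workspace.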
I recommend feeding the following prompt to your Agents (including OpenClaw) to thoroughly check whether you are affected by this axios poisoning incident:

Use the method below to check our environment for the poisoned axios@1.14.1 and axios@0.30.4 and the malicious module plain-crypto-js. Do not miss anything; make sure the check is comprehensive:

Check for the malicious axios versions in your project:
npm list axios 2>/dev/null | grep -E "1\.14\.1|0\.30\.4"
grep -A1 '"axios"' package-lock.json | grep -E "1\.14\.1|0\.30\.4"

Check for plain-crypto-js in node_modules:
ls node_modules/plain-crypto-js 2>/dev/null && echo "POTENTIALLY AFFECTED"

If setup.js already ran, package.json inside this directory will have been replaced with a clean stub. The presence of the directory is sufficient evidence the dropper executed.

Check for RAT artifacts on affected systems:
# macOS
ls -la /Library/Caches/com.apple.act.mond 2>/dev/null && echo "COMPROMISED"
# Linux
ls -la /tmp/ld.py 2>/dev/null && echo "COMPROMISED"
# Windows (cmd.exe)
dir "%PROGRAMDATA%\wt.exe" 2>nul && echo COMPROMISED
🚨 Another major supply chain incident 🚨 axios — one of the most widely used npm packages — has been compromised. Malicious versions axios@1.14.1 and axios@0.30.4 were published and are actively dropping malware. The attack pulls in a newly created dependency plain-crypto-js@4.2.1, confirmed as a malicious loader: it executes obfuscated payloads, runs shell commands, and attempts to evade detection while wiping traces. With 100M+ weekly downloads, this is a live, large-scale supply chain attack. More details:
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.