Hacker News
Miasma NPM Supply Chain Attack: Self-Spreading Worm via Phantom Gyp (stepsecurity.io)
1 point by gaurang_tandon 19 minutes ago | past | discuss
Megalodon Mass GitHub Actions Secret Exfiltration Across 5500 Public Repos (stepsecurity.io)
4 points by _____k 11 days ago | past | discuss
Actions-cool/issues-helper GitHub Action Compromised (stepsecurity.io)
2 points by choult 15 days ago | past
NX compromised: supply chain attack via IDE extension, again (stepsecurity.io)
5 points by Jehuty64 16 days ago | past
Malicious node-IPC versions published to NPM (stepsecurity.io)
2 points by rvz 18 days ago | past
TeamPCP's Mini Shai-Hulud Is Back (stepsecurity.io)
1 point by segmenta 22 days ago | past
Mini Shai-Hulud: Bun Payloads Hit SAP NPM Packages (stepsecurity.io)
9 points by likhith190 35 days ago | past
Axios compromised on NPM – Malicious versions drop remote access trojan (stepsecurity.io)
1934 points by mtud 65 days ago | past | 807 comments
Malicious IoliteLabs VSCode Extensions Target Solidity Developers with Backdoor (stepsecurity.io)
2 points by kurmiashish 68 days ago | past
Trivy Compromised a Second Time – v0.69.4 binaries, setup-trivy, trivy-action (stepsecurity.io)
9 points by dotty- 76 days ago | past | 1 comment
Malicious NPM Packages Found in React Native – 130K+ Monthly Downloads Hit (stepsecurity.io)
4 points by likhith190 79 days ago | past
Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push (stepsecurity.io)
5 points by varunsharma07 81 days ago | past | 1 comment
Xygeni/xygeni-action GitHub Action is compromised – poisoned tag is still live (stepsecurity.io)
2 points by varunsharma07 86 days ago | past
Hackerbot-Claw: An AI-Powered Bot Actively Exploiting GitHub Actions (stepsecurity.io)
2 points by pavel_lishin 3 months ago | past
Hackerbot-Claw: An AI-Powered Bot Actively Exploiting GitHub Actions (stepsecurity.io)
4 points by denysvitali 3 months ago | past
Hackerbot-Claw: An AI-Powered Bot Actively Exploiting GitHub Actions (stepsecurity.io)
2 points by pluc 3 months ago | past
Hackerbot-Claw: AI Bot Exploiting GitHub Actions – Microsoft, Datadog Hit So Far (stepsecurity.io)
27 points by varunsharma07 3 months ago | past | 4 comments
Cline Supply Chain Attack: Cline 2.3.0 Silently Installs OpenClaw (stepsecurity.io)
12 points by varunsharma07 3 months ago | past | 1 comment
Harden Runner Detected the SHA1-Hulud Supply Chain Attack in CNCF's Backstage (stepsecurity.io)
1 point by varunsharma07 6 months ago | past | 1 comment
ctrl/tinycolor and 40+ NPM Packages Compromised (stepsecurity.io)
2 points by tomelders 8 months ago | past | 1 comment
Ctrl/tinycolor and 40 NPM Packages Compromised (stepsecurity.io)
3 points by kurmiashish 8 months ago | past | 1 comment
Popular Nx Build System NPM Package Compromised with Data Stealing Malware (stepsecurity.io)
10 points by varunsharma07 9 months ago | past | 2 comments
Suspicious Tag Change in AWS's GitHub Action: What Happened and Why It Matters (stepsecurity.io)
3 points by varunsharma07 9 months ago | past | 1 comment
Num2words PyPI Package Compromised (stepsecurity.io)
22 points by varunsharma07 10 months ago | past | 6 comments
AI coding agents in CI/CD pipelines create new attack vectors (stepsecurity.io)
2 points by kurmiashish 10 months ago | past | 1 comment
eslint-config-prettier npm package compromised (stepsecurity.io)
74 points by varunsharma07 10 months ago | past | 11 comments
Grafana GitHub Actions Security Incident (stepsecurity.io)
10 points by varunsharma07 on April 28, 2025 | past
Tj-actions/changed-files GitHub Action Compromised – used by over 23K repos (stepsecurity.io)
273 points by varunsharma07 on March 14, 2025 | past | 298 comments
CI/CD supply chain attack on Azure Karpenter Provider open-source project (stepsecurity.io)
3 points by varunsharma07 on Nov 25, 2024 | past | 2 comments
Security Breach in Stripe Repo: A Deep Dive into the "Pwn Request" Vulnerability (stepsecurity.io)
7 points by varunsharma07 on Sept 6, 2024 | past
