Y Hacker News new | ask | show | jobs

user: varunsharma07 created: 2021-07-03 karma: 678 Founder of StepSecurity (https://www.stepsecurity.io) submissions: Ongoing NPM supply chain attack uses binding.gyp to spread like a worm 6 points | 0 comments 0 points | 0 comments Laravel-Lang Supply Chain Attack 3 points | 1 comments NX VS Code extension compromised again 4 points | 0 comments Actions-cool/issues-helper GitHub Action Compromised 3 points | 0 comments Malicious node-IPC Versions Published to NPM 6 points | 2 comments 0 points | 0 comments 0 points | 0 comments 0 points | 0 comments Postmortem: TanStack NPM supply-chain compromise 1097 points | 465 comments 0 points | 0 comments 0 points | 0 comments Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push 5 points | 1 comments Show HN: Scan your dev machine for AI agents, MCP servers, and IDE extensions 9 points | 0 comments Xygeni/xygeni-action GitHub Action is compromised – poisoned tag is still live 2 points | 0 comments 0 points | 0 comments 0 points | 0 comments Hackerbot-Claw: AI Bot Exploiting GitHub Actions – Microsoft, Datadog Hit So Far 27 points | 4 comments GitHub Actions is left vulnerable to supply chain attacks: Datadog Report 4 points | 0 comments 0 points | 0 comments Cline Supply Chain Attack: Cline 2.3.0 Silently Installs OpenClaw 12 points | 1 comments 0 points | 0 comments Harden Runner Detected the SHA1-Hulud Supply Chain Attack in CNCF's Backstage 1 points | 1 comments 0 points | 0 comments 0 points | 0 comments Popular Nx Build System NPM Package Compromised with Data Stealing Malware 10 points | 2 comments 0 points | 0 comments Suspicious Tag Change in AWS's GitHub Action: What Happened and Why It Matters 3 points | 1 comments