Hacker Newsnew | past | comments | ask | show | jobs | submit | fromlogin
Megalodon Mass GitHub Actions Secret Exfiltration Across 5500 Public Repos (stepsecurity.io)
4 points by _____k 7 days ago | past | discuss
Actions-cool/issues-helper GitHub Action Compromised (stepsecurity.io)
2 points by choult 12 days ago | past | discuss
NX compromised: supply chain attack via IDE extension, again (stepsecurity.io)
5 points by Jehuty64 12 days ago | past | discuss
Malicious node-IPC versions published to NPM (stepsecurity.io)
2 points by rvz 15 days ago | past
TeamPCP's Mini Shai-Hulud Is Back (stepsecurity.io)
1 point by segmenta 18 days ago | past
Mini Shai-Hulud: Bun Payloads Hit SAP NPM Packages (stepsecurity.io)
9 points by likhith190 32 days ago | past
Axios compromised on NPM – Malicious versions drop remote access trojan (stepsecurity.io)
1934 points by mtud 61 days ago | past | 807 comments
Malicious IoliteLabs VSCode Extensions Target Solidity Developers with Backdoor (stepsecurity.io)
2 points by kurmiashish 64 days ago | past
Trivy Compromised a Second Time – v0.69.4 binaries, setup-trivy, trivy-action (stepsecurity.io)
9 points by dotty- 72 days ago | past | 1 comment
Malicious NPM Packages Found in React Native – 130K+ Monthly Downloads Hit (stepsecurity.io)
4 points by likhith190 75 days ago | past
Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push (stepsecurity.io)
5 points by varunsharma07 77 days ago | past | 1 comment
Xygeni/xygeni-action GitHub Action is compromised – poisoned tag is still live (stepsecurity.io)
2 points by varunsharma07 82 days ago | past
Hackerbot-Claw: An AI-Powered Bot Actively Exploiting GitHub Actions (stepsecurity.io)
2 points by pavel_lishin 89 days ago | past
Hackerbot-Claw: An AI-Powered Bot Actively Exploiting GitHub Actions (stepsecurity.io)
4 points by denysvitali 3 months ago | past
Hackerbot-Claw: An AI-Powered Bot Actively Exploiting GitHub Actions (stepsecurity.io)
2 points by pluc 3 months ago | past
Hackerbot-Claw: AI Bot Exploiting GitHub Actions – Microsoft, Datadog Hit So Far (stepsecurity.io)
27 points by varunsharma07 3 months ago | past | 4 comments
Cline Supply Chain Attack: Cline 2.3.0 Silently Installs OpenClaw (stepsecurity.io)
12 points by varunsharma07 3 months ago | past | 1 comment
Harden Runner Detected the SHA1-Hulud Supply Chain Attack in CNCF's Backstage (stepsecurity.io)
1 point by varunsharma07 5 months ago | past | 1 comment
ctrl/tinycolor and 40+ NPM Packages Compromised (stepsecurity.io)
2 points by tomelders 8 months ago | past | 1 comment
Ctrl/tinycolor and 40 NPM Packages Compromised (stepsecurity.io)
3 points by kurmiashish 8 months ago | past | 1 comment
Popular Nx Build System NPM Package Compromised with Data Stealing Malware (stepsecurity.io)
10 points by varunsharma07 9 months ago | past | 2 comments
Suspicious Tag Change in AWS's GitHub Action: What Happened and Why It Matters (stepsecurity.io)
3 points by varunsharma07 9 months ago | past | 1 comment
Num2words PyPI Package Compromised (stepsecurity.io)
22 points by varunsharma07 10 months ago | past | 6 comments
AI coding agents in CI/CD pipelines create new attack vectors (stepsecurity.io)
2 points by kurmiashish 10 months ago | past | 1 comment
eslint-config-prettier npm package compromised (stepsecurity.io)
74 points by varunsharma07 10 months ago | past | 11 comments
Grafana GitHub Actions Security Incident (stepsecurity.io)
10 points by varunsharma07 on April 28, 2025 | past
Tj-actions/changed-files GitHub Action Compromised – used by over 23K repos (stepsecurity.io)
273 points by varunsharma07 on March 14, 2025 | past | 298 comments
CI/CD supply chain attack on Azure Karpenter Provider open-source project (stepsecurity.io)
3 points by varunsharma07 on Nov 25, 2024 | past | 2 comments
Security Breach in Stripe Repo: A Deep Dive into the "Pwn Request" Vulnerability (stepsecurity.io)
7 points by varunsharma07 on Sept 6, 2024 | past
Show HN: GitHub Actions Advisor – View security scores of GitHub Actions you use (stepsecurity.io)
3 points by varunsharma07 on Jan 17, 2024 | past

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: