For the best experience on desktop, install the
Chrome extension
to track your reading on news.ycombinator.com
×
Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
|
history
|
from
register
Axios compromised on NPM – Malicious versions drop remote access trojan
(
stepsecurity.io
)
1930 points
by
mtud
6 days ago
|
past
|
808 comments
Malicious IoliteLabs VSCode Extensions Target Solidity Developers with Backdoor
(
stepsecurity.io
)
2 points
by
kurmiashish
9 days ago
|
past
|
discuss
Trivy Compromised a Second Time – v0.69.4 binaries, setup-trivy, trivy-action
(
stepsecurity.io
)
9 points
by
dotty-
17 days ago
|
past
|
1 comment
Malicious NPM Packages Found in React Native – 130K+ Monthly Downloads Hit
(
stepsecurity.io
)
4 points
by
likhith190
20 days ago
|
past
Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push
(
stepsecurity.io
)
5 points
by
varunsharma07
22 days ago
|
past
|
1 comment
Xygeni/xygeni-action GitHub Action is compromised – poisoned tag is still live
(
stepsecurity.io
)
2 points
by
varunsharma07
27 days ago
|
past
Hackerbot-Claw: An AI-Powered Bot Actively Exploiting GitHub Actions
(
stepsecurity.io
)
2 points
by
pavel_lishin
34 days ago
|
past
Hackerbot-Claw: An AI-Powered Bot Actively Exploiting GitHub Actions
(
stepsecurity.io
)
4 points
by
denysvitali
35 days ago
|
past
Hackerbot-Claw: An AI-Powered Bot Actively Exploiting GitHub Actions
(
stepsecurity.io
)
2 points
by
pluc
35 days ago
|
past
Hackerbot-Claw: AI Bot Exploiting GitHub Actions – Microsoft, Datadog Hit So Far
(
stepsecurity.io
)
27 points
by
varunsharma07
35 days ago
|
past
|
4 comments
Cline Supply Chain Attack: Cline 2.3.0 Silently Installs OpenClaw
(
stepsecurity.io
)
12 points
by
varunsharma07
46 days ago
|
past
|
1 comment
Harden Runner Detected the SHA1-Hulud Supply Chain Attack in CNCF's Backstage
(
stepsecurity.io
)
1 point
by
varunsharma07
4 months ago
|
past
|
1 comment
ctrl/tinycolor and 40+ NPM Packages Compromised
(
stepsecurity.io
)
2 points
by
tomelders
6 months ago
|
past
|
1 comment
Ctrl/tinycolor and 40 NPM Packages Compromised
(
stepsecurity.io
)
3 points
by
kurmiashish
6 months ago
|
past
|
1 comment
Popular Nx Build System NPM Package Compromised with Data Stealing Malware
(
stepsecurity.io
)
10 points
by
varunsharma07
7 months ago
|
past
|
2 comments
Suspicious Tag Change in AWS's GitHub Action: What Happened and Why It Matters
(
stepsecurity.io
)
3 points
by
varunsharma07
7 months ago
|
past
|
1 comment
Num2words PyPI Package Compromised
(
stepsecurity.io
)
22 points
by
varunsharma07
8 months ago
|
past
|
6 comments
AI coding agents in CI/CD pipelines create new attack vectors
(
stepsecurity.io
)
2 points
by
kurmiashish
8 months ago
|
past
|
1 comment
eslint-config-prettier npm package compromised
(
stepsecurity.io
)
74 points
by
varunsharma07
8 months ago
|
past
|
11 comments
Grafana GitHub Actions Security Incident
(
stepsecurity.io
)
10 points
by
varunsharma07
11 months ago
|
past
Tj-actions/changed-files GitHub Action Compromised – used by over 23K repos
(
stepsecurity.io
)
273 points
by
varunsharma07
on March 14, 2025
|
past
|
298 comments
CI/CD supply chain attack on Azure Karpenter Provider open-source project
(
stepsecurity.io
)
3 points
by
varunsharma07
on Nov 25, 2024
|
past
|
2 comments
Security Breach in Stripe Repo: A Deep Dive into the "Pwn Request" Vulnerability
(
stepsecurity.io
)
7 points
by
varunsharma07
on Sept 6, 2024
|
past
Show HN: GitHub Actions Advisor – View security scores of GitHub Actions you use
(
stepsecurity.io
)
3 points
by
varunsharma07
on Jan 17, 2024
|
past
GitHub Actions security best practices (Checklist)
(
stepsecurity.io
)
4 points
by
jayaramsinghani
on Dec 14, 2023
|
past
How Google secures their GitHub Actions workflows with StepSecurity
(
stepsecurity.io
)
3 points
by
varunsharma07
on Nov 8, 2023
|
past
Celebrating Success of 500 Open Source Projects Using StepSecurity's Platform
(
stepsecurity.io
)
1 point
by
varunsharma07
on July 11, 2023
|
past
|
1 comment
Do you maintain a GitHub Action? Contribute to the SecureWorkflows project
(
stepsecurity.io
)
2 points
by
varunsharma07
on Aug 31, 2022
|
past
|
1 comment
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
×
HN For You
Display Mode
Highlight
Top
Only
Debug mode
Sign Out
API Key:
Connect
Create an account
to get your API key.
