Latest Tech News

Stay updated with the latest in technology, AI, cybersecurity, and more

Filtered by: ack Clear Filter

Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised

news.ycombinator.com Unknown 2025-09-24 19:22:03

Executive Summary The NPM ecosystem is facing another critical supply chain attack. The popular @ctrl/tinycolor package, which receives over 2 million weekly downloads, has been compromised along with more than 40 other packages across multiple maintainers. This attack demonstrates a concerning evolution in supply chain threats - the malware includes a self-propagating mechanism that automatically infects downstream packages, creating a cascading compromise across the ecosystem. The compromised

Topics: 20 community github npm packages
Read More
Shop Amazon

Live Updates: Shai-Hulud, the Most Dangerous NPM Breach in History

news.ycombinator.com Idan Dardikman 2025-09-25 07:26:32

We are tracking the largest and most dangerous npm supply-chain compromise in history, known as the Shai-Hulud malware campaign, which has now impacted hundreds of packages across multiple maintainers. This includes popular libraries such as @ctrl/tinycolor as well as packages maintained by CrowdStrike. Malicious versions embed a trojanized script (bundle.js) designed to steal developer credentials, exfiltrate secrets, and persist in repositories and endpoints through automated workflows. The ta

Topics: github hulud npm packages shai
Read More
Shop Amazon

Writing an operating system kernel from scratch – RISC-V/OpenSBI/Zig

news.ycombinator.com Uros Popovic 2025-09-22 18:36:23

Posted on: September 13, 2025 | at 09:30 AM Follow @popovicu94 I recently implemented a minimal proof of concept time-sharing operating system kernel on RISC-V. In this post, I’ll share the details of how this prototype works. The target audience is anyone looking to understand low-level system software, drivers, system calls, etc., and I hope this will be especially useful to students of system software and computer architecture. This is a redo of an exercise I did for my undergraduate cours

Topics: interrupt kernel sp stack thread
Read More
Shop Amazon

Self-propagating supply chain attack hits 187 npm packages

bleepingcomputer.com Unknown 2025-09-25 15:46:43

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack, with a malicious self-propagating payload to infect other packages. The coordinated worm-style campaign dubbed 'Shai-Hulud' started yesterday with the compromise of the @ctrl/tinycolor npm package, which receives over 2 million weekly downloads. Since then, the campaign has expanded significantly and now includes packages published under CrowdStrike's npm namespace. From tinycolor to

Topics: attack chain compromised npm packages
Read More
Shop Amazon

BlackBerry Passport getting set to follow Classic with a new life on Android

androidauthority.com Unknown 2025-09-25 23:28:53

Blackberry The original BlackBerry Passport TL;DR The team behind BlackBerry Classic’s Android revival is now working on a similar project for the BlackBerry Passport. Zinwa Technologies, the team behind the project, plans to sell DIY kits that will allow users to run Android on the Passport. The kits aren’t available immediately, but will be available sometime in 2026, which is slightly disappointing. Old, discarded BlackBerry phones are having a renaissance moment. We recently witnessed an

Topics: android blackberry classic passport zinwa
Read More
Shop Amazon

Self-Replicating Worm Hits 180+ Software Packages

krebsonsecurity.com Unknown 2025-09-25 23:08:02

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed. The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms

Topics: attack code npm packages said
Read More
Shop Amazon

Trucker built a scale model of NYC over 21 years

news.ycombinator.com Https 2025-09-26 03:20:11

Reno may be “the biggest little city in the world,” but it's got some serious competition from the miniature New York City that hobbyist Joseph Macken built in his upstate New York basement over two decades. “I sat down in my basement, turned the camera on on my phone and just started talking about my first section, which was Downtown Manhattan,” the Clifton Park resident said on a recent Thursday about his viral TikToks on his roughly 50-by-30-foot scale model of the city. “It just took off.” T

Topics: building city macken model said
Read More
Shop Amazon

One Vigilante, 22 Cell Tower Fires, and a World of Conspiracies

wired.com Brendan I. Koerner 2025-09-26 00:00:00

As dawn spread over San Antonio on September 9, 2021, almond-colored smoke began to fill the sky above the city’s Far West Side. The plumes were whorling off the top of a 132-foot-tall cell tower that overshadows an office park just north of SeaWorld. At a hotel a mile away, a paramedic snapped a photo of the spectacle and posted it to the r/sanantonio subreddit. “Cell tower on fire around 1604 and Culebra,” he wrote. In typical Reddit fashion, the comments section piled up with corny jokes. “B

Topics: 5g attacks conspiracy smith violence
Read More
Shop Amazon

Self Propagating NPM Malware Compromises over 40 Packages

news.ycombinator.com Unknown 2025-09-26 16:22:03

Executive Summary The NPM ecosystem is facing another critical supply chain attack. The popular @ctrl/tinycolor package, which receives over 2 million weekly downloads, has been compromised along with more than 40 other packages across multiple maintainers. This attack demonstrates a concerning evolution in supply chain threats - the malware includes a self-propagating mechanism that automatically infects downstream packages, creating a cascading compromise across the ecosystem. The compromised

Topics: aws github npm packages secrets
Read More
Shop Amazon

One Vigilante, 22 Cell Towers, and a World of Conspiracies

wired.com Brendan I Koerner 2025-09-26 15:00:00

As dawn spread over San Antonio on September 9, 2021, almond-colored smoke began to fill the sky above the city’s Far West Side. The plumes were whorling off the top of a 132-foot-tall cell tower that overshadows an office park just north of SeaWorld. At a hotel a mile away, a paramedic snapped a photo of the spectacle and posted it to the r/sanantonio subreddit. “Cell tower on fire around 1604 and Culebra,” he wrote. In typical Reddit fashion, the comments section piled up with corny jokes. “B

Topics: 5g attacks conspiracy smith violence
Read More
Shop Amazon

Company that owns Gucci, Balenciaga, other brands confirms hack

techcrunch.com Lorenzo Franceschi-Bicchierai 2025-09-27 07:03:09

In Brief Kering confirmed a data breach affecting customers of its luxury brands Gucci, Balenciaga, Alexander McQueen, Yves Saint Lauren, and others, on Monday. Hackers stole sensitive customer data such as names, email addresses, phone numbers, home addresses, and the total amount of money they spent in stores all over the world. The BBC first reported the breach. Kering said the hackers did not steal credit card numbers and that it has contacted the customers whose data is part of the breac

Topics: addresses breach customers data hackers
Read More
Shop Amazon

The madness of SaaS chargebacks

news.ycombinator.com Mike Kulakov 2025-09-27 23:30:46

Press enter or click to view image in full size The $10 Payment That Cost Me $43.95 — The Madness of SaaS Chargebacks Mike Kulakov 5 min read · Just now Just now -- Listen Share We run several SaaS products at Everhour, all billed through Stripe. Majority of the time everything works fine, but sometimes we get chargebacks. Even thought we do everything possible to prevent them. We don’t ask for a credit card until the moment of subscription. A few days before each renewal, we send an email no

Topics: chargebacks customer dispute just time
Read More
Shop Amazon

Meta bypassed Apple privacy protections, claims former employee

news.ycombinator.com Ben Lovejoy 2025-09-28 02:59:54

A former Meta product manager has claimed that the social network circumvented Apple’s privacy protections, as well as cheating advertisers, and fired him when he repeatedly raised the issue internally. Meta is said to have found ways to identify Apple users even after they refused consent for app tracking, in order to avoid an estimated $10 billion loss of revenue … App Tracking Transparency hit Meta hard Meta relied heavily on selling personalized advertising, which required it to be able t

Topics: apple meta purkayastha tracking users
Read More
Shop Amazon

Free Spotify users can finally listen to any track immediately

engadget.com Unknown 2025-09-28 11:00:13

There must be something in the water at Spotify HQ. Less than a week after delivering long-promised lossless audio, the company has another treat. Free listeners can finally listen to any track they want. After enhancing Premium, perhaps Spotify figured it could add a free perk without shedding subscribers. Spotify accounts on the free plan can now choose any track and immediately listen to it. Previously, that was paywalled for Premium subscribers. Non-paying ones had to shuffle through an alb

Topics: choose free playlist spotify track
Read More
Shop Amazon

Battling for the lead at an IRL version of Mario Kart

theverge.com Tim Stevens 2025-09-28 11:01:24

When it comes to mainstream gaming appeal, it’s hard to beat Mario Kart. Break out some controllers at a party and you’ll likely get a grid full of eager racers. The game’s seamless way of balancing disparate levels of skill and aggression creates an addictive experience for just about everyone. Real-world karting, on the other hand, remains more of a niche affair. Sure, plenty of people race karts at theme parks and putt-putt parking lots, but this style of racing isn’t on the radar for your a

Topics: kart mario power rpm track
Read More
Shop Amazon

The Apple Watch Series 11 is one feature away from making me ditch my Oura Ring

zdnet.com Nina Raemont 2025-09-28 15:03:10

Nina Raemont/ZDNET Follow ZDNET: Add us as a preferred source on Google. ZDNET's key takeaways Apple unveiled Sleep Scores on the Apple Watch. The feature is available with WatchOS 26 and on the new smartwatches. There's one health tracking feature I wish Apple had announced. Last year, Gallup surveyed Americans about their sleep habits. For the first time since polling began in 2001, it found that a majority of Americans said they'd feel better if they got more sleep. They aren't happy

Topics: apple feature heart sleep tracking
Read More
Shop Amazon

The $10 Payment That Cost Me $43.95 – The Madness of SaaS Chargebacks

news.ycombinator.com Mike Kulakov 2025-09-29 00:30:46

Press enter or click to view image in full size The $10 Payment That Cost Me $43.95 — The Madness of SaaS Chargebacks Mike Kulakov 5 min read · Just now Just now -- Listen Share We run several SaaS products at Everhour, all billed through Stripe. Majority of the time everything works fine, but sometimes we get chargebacks. Even thought we do everything possible to prevent them. We don’t ask for a credit card until the moment of subscription. A few days before each renewal, we send an email no

Topics: chargebacks customer dispute just time
Read More
Shop Amazon

Which NPM package has the largest version number?

news.ycombinator.com Unknown 2025-09-28 21:03:18

Which npm package has the largest version number? I spent way too much time on this I was recently working on a project that uses the AWS SDK for JavaScript. When updating the dependencies in said project, I noticed that the version of that dependency was v3.888.0 . Eight hundred eighty eight. That’s a big number as far as versions go. That got me thinking: I wonder what package in the npm registry has the largest number in its version. It could be a major, minor, or patch version, and it doe

Topics: const number package packages versions
Read More
Shop Amazon

Writing an operating system kernel from scratch

news.ycombinator.com Uros Popovic 2025-09-28 19:44:44

Posted on: September 13, 2025 | at 09:30 AM Follow @popovicu94 I recently implemented a minimal proof of concept time-sharing operating system kernel on RISC-V. In this post, I’ll share the details of how this prototype works. The target audience is anyone looking to understand low-level system software, drivers, system calls, etc., and I hope this will be especially useful to students of system software and computer architecture. This is a redo of an exercise I did for my undergraduate cours

Topics: interrupt kernel sp stack thread
Read More
Shop Amazon

A single, 'naked' black hole confounds theories of the young cosmos

news.ycombinator.com Charlie Wood 2025-09-28 13:27:12

A black hole unlike any seen before has been spotted in the early universe. It’s huge and appears to be essentially on its own, with few stars circling it. The object, which may represent a whole new class of enormous “naked” black holes, upends the textbook understanding of the young universe. “This is completely off the scale,” said Roberto Maiolino, an astrophysicist at the University of Cambridge who helped reveal the nature of the object in a preprint posted on August 29. “It’s terribly ex

Topics: black dots holes red universe
Read More
Shop Amazon

Tesla board chair calls debate over Elon Musk’s $1T pay package ‘a little bit weird’

techcrunch.com Anthony Ha 2025-09-28 16:33:34

In Brief With Tesla shareholders set to vote on a proposed 10-year, $1 trillion compensation package for CEO Elon Musk in November, board chair Robyn Denholm spoke to The New York Times to defend what would be the largest pay package in corporate history. Denholm, who was also on the special committee that put the compensation proposal together, argued that Musk needs to be motivated by extraordinary challenges tied to extraordinary compensation. At the same time, she suggested he’s less inter

Topics: compensation denholm musk package tesla
Read More
Shop Amazon

Scientists Say They Can't Explain the Signal They Just Detected From Beyond Our Galaxy

futurism.com Unknown 2025-09-28 12:15:24

Gamma ray bursts are some of the most powerful explosions in the universe, unleashing as much energy in mere seconds as the Sun will in its entire 10 billion year lifespan. Typically, they're produced by stars dying in a spectacular supernova — a rapid collapse that completely obliterates the stellar object. But now, astronomers say they've detected a gamma ray burst that utterly defies explanation: it repeated multiple times over the course of a single day, as if the star somehow suffered back

Topics: black hole martin said star
Read More
Shop Amazon

Proton Mail suspended journalist accounts at request of cybersecurity agency

news.ycombinator.com Nikita Mazurov 2025-09-28 22:20:36

The company behind the Proton Mail email service, Proton, describes itself as a “neutral and safe haven for your personal data, committed to defending your freedom.” But last month, Proton disabled email accounts belonging to journalists reporting on security breaches of various South Korean government computer systems following a complaint by an unspecified cybersecurity agency. After a public outcry, and multiple weeks, the journalists’ accounts were eventually reinstated — but the reporters

Topics: account accounts journalists phrack proton
Read More
Shop Amazon

Proton Mail Suspended Journalist Accounts at Request of Cybersecurity Agency

news.ycombinator.com Nikita Mazurov 2025-09-29 03:20:36

The company behind the Proton Mail email service, Proton, describes itself as a “neutral and safe haven for your personal data, committed to defending your freedom.” But last month, Proton disabled email accounts belonging to journalists reporting on security breaches of various South Korean government computer systems following a complaint by an unspecified cybersecurity agency. After a public outcry, and multiple weeks, the journalists’ accounts were eventually reinstated — but the reporters

Topics: account accounts journalists phrack proton
Read More
Shop Amazon

Microsoft Will Lower Price of Office 365 Without Teams Platform, Avoiding EU Antitrust Fine

cnet.com See Full Bio 2025-09-29 10:45:00

Microsoft has agreed to sell Office 365 suites unbundled without Teams for a significantly lower price than previously, ending a five-plus-year European Union dispute with Slack and avoiding a fine by the EU. The software giant was charged with EU antitrust violations in June 2024 for bundling Teams with Office 365 and Microsoft 365 subscriptions. The dispute began in July 2020, when Slack (now owned by Salesforce) filed an official complaint, alleging Microsoft was conducting an "illegal and a

Topics: eu microsoft office slack teams
Read More
Shop Amazon

Nintendo is bringing back the Virtual Boy as a Switch and Switch 2 accessory

engadget.com Unknown 2025-09-30 07:00:37

Nintendo had a truly wild surprise up its sleeve for Switch Online + Expansion Pack during its Direct event on Friday. The company is bringing back the Virtual Boy as a physical device into which you can slot your Switch or Switch 2. A plastic replica of the mid-90s tabletop system will soon be available for Switch Online members to buy. The company will sell a cardboard version of the accessory too. No need to rub your eyes in disbelief (but if history is any indication, you might have to for r

Topics: boy games pack switch virtual
Read More
Shop Amazon

The first three things you’ll want during a cyberattack

bleepingcomputer.com Unknown 2025-09-30 07:02:12

The moment a cyberattack strikes, the clock starts ticking. Files lock up, systems stall, phones light up and the pressure skyrockets. Every second counts. What happens next can mean the difference between recovery and catastrophe. In that moment, you need three things above all else: clarity, control and a lifeline. Without them, even the most experienced IT team or managed service provider (MSP) can feel paralyzed by confusion as damage escalates. But with clarity, control and a lifeline, you

Topics: attack clarity control lifeline recovery
Read More
Shop Amazon

Racintosh Plus – Rackmount Mac Plus

news.ycombinator.com Unknown 2025-09-26 19:39:00

Saturday, September 6, 2025 at 7:03AM 4 months of work just to make a stupid pun. 1986 Macintosh Plus at home in my music studio. I own a Macintosh Plus from 1986, I found it in the mid 2000's on my college campus on a free-to-a-good-home shelf (Mad Marc's shelf in the chemistry building) in great shape and with its mouse, keyboard, and an HD-20 external hard disk drive. That silly computer has been on the journey with me ever since, leaving college with me and occupying a spot in all of my

Topics: board drive plus racintosh rack
Read More
Shop Amazon

I tried the Apple Watch Series 11, and it's so close to making my Oura Ring obsolete

zdnet.com Nina Raemont 2025-10-01 11:06:00

Nina Raemont/ZDNET Follow ZDNET: Add us as a preferred source on Google. ZDNET's key takeaways Apple unveiled Sleep Scores on the Apple Watch. The feature is available with WatchOS 26 and on the new smartwatches. There's one health tracking feature I wish Apple had announced. Last year, Gallup surveyed Americans about their sleep habits. For the first time since polling began in 2001, it found that a majority of Americans said they'd feel better if they got more sleep. They aren't happy

Topics: apple feature heart sleep tracking
Read More
Shop Amazon
Trending Topics
Hot Now
ai 3638 apple 3011 new 2398 google 2027 content 1730
Popular
like 1496 company 1423 pro 1317 iphone 1154 app 1129 zdnet 1112 said 1062 data 1050 does 908 reviews 893
Emerging
editorial 872 amazon 857 game 808 samsung 777 phone 764 pixel 758 android 741 just 717 users 685 available 683
About GoKawiil

GoKawiil is a project by nerdhub.co that curates technology news from trusted sources. We built this site to provide a cleaner, more mobile-friendly experience without intrusive ads or heavy JavaScript.

Privacy

Your privacy matters. GoKawiil doesn't use Google Analytics or Facebook Pixel. The only tracking occurs through affiliate links to Amazon.

Advertising

Interested in advertising? Contact us at [email protected]