Latest Tech News

Stay updated with the latest in technology, AI, cybersecurity, and more

Supply-chain attacks on open source software are getting out of hand

It has been a busy week for supply-chain attacks targeting open source software available in public repositories, with successful breaches of multiple developer accounts that resulted in malicious packages being pushed to unsuspecting users. The latest target, according to security firm Socket, is JavaScript code available on repository npm. A total of 10 packages available from the npm page belonging to global talent agency Toptal contained malware and were downloaded by roughly 5,000 users be

Open source repositories are seeing a rash of supply-chain attacks

It has been a busy week for supply-chain attacks targeting open source software available in public repositories, with successful breaches of multiple developer accounts that resulted in malicious packages being pushed to unsuspecting users. The latest target, according to security firm Socket, is JavaScript code available on repository npm. A total of 10 packages available from the npm page belonging to global talent agency Toptal contained malware and were downloaded by roughly 5,000 users be

Hackers breach Toptal GitHub account, publish malicious npm packages

Hackers compromised Toptal's GitHub organization account and used their access to publish ten malicious packages on the Node Package Manager (NPM) index. The packages included data-stealing code that collected GitHub authentication tokens and then wiped the victims' systems. Toptal is a freelance talent marketplace that connects companies with software developers, designers, and finance experts. The company also maintains internal developer tools and design systems, most notably Picasso, which

Thawing vacuum-packed fish correctly (2024)

Improper thawing of vacuum-packed fish can lead to a foodborne illness. Learn how to do it safely. Looking for vacuum-packed fish is an excellent way to purchase fish in the grocery store. Vacuum packaging keeps the fish from drying out by preventing water loss; it also can ensure the fish is packaged at peak quality. Vacuum packaging, also called reduced oxygen packaging (ROP), limits oxygen and allows for extended shelf life in the freezer by reducing od

NPM package ‘is’ with 2.8M weekly downloads infected devs with malware

The popular NPM package 'is' has been compromised in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices. This occurred after maintainer accounts were hijacked via phishing, followed by unauthorized owner changes that went unnoticed for several hours, potentially compromising many developers who downloaded the new releases. The 'is' package is a lightweight JavaScript utility library that provides a wide variety of type checking and value v

npm 'accidentally' removes Stylus package, breaks builds and pipelines

npm has taken down all versions of the real Stylus library and replaced them with a "security holding" page, breaking pipelines and builds worldwide that rely on the package. A security placeholder webpage is typically displayed when malicious packages and libraries are removed by the admins of npmjs.com, the world's largest software registry primarily used for JavaScript and Node.js development. But that isn't quite the case for Stylus: a legitimate "revolutionary" library receiving 3 million

The Must-Have Exclusives From San Diego Comic-Con 2025

In just a couple more days, pop culture will descend on the San Diego Convention Center as SDCC prepares to dazzle us for another year (if everyone didn’t stop releasing their trailers before their panels, that is). But of course, among all the big news and astonishing cosplay, there’s going to be tons of fantastic merch to get your hands on exclusive to Comic-Con. Here’s our guide to some of the absolute coolest on offer. 100% Soft Galactus Vinyl SDCC is taking place during Fantastic Four: Fi

OSS Rebuild: open-source, rebuilt to last

Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open source package ecosystems by reproducing upstream artifacts. As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burden on upstream maintainers. The project comprises: Automation to derive declarative build definitions for existing PyPI (Python), npm (JS/TS), and Crates.io (Rust) packages. SLSA Provenance for thousan

Installing apps on Linux? 4 ways it's different than any other OS - and mistakes to avoid

When I first started using Linux in the late 90s, there was really only one way to install an application. You would download the app, unpack the archive, run the ./configure command, build the app with make, and then install it with make install. Inevitably, when you ran through that course, you would stumble because of dependencies and have to locate the dependency, run through the same process as you just did (only with the new software), and then find out the ne

T-Mobile is bringing low-latency tech to 5G for the first time

Over the next few weeks, T-Mobile is expanding support for the L4S standard, which stands for “Low Latency, Low Loss, Scalable Throughput.” The technology helps high-priority internet packets move along with fewer delays, to make video calls and cloud games feel smoother and reduce annoying hitches. Users won’t need a special phone or plan to take advantage of the benefits fr

A 14kb page can load much faster than a 15kb page (2022)

Why your website should be under 14kB in size Having a smaller website makes it load faster — that's not surprising. What is surprising is that a 14kB page can load much faster than a 15kB page — maybe 612ms faster — while the difference between a 15kB and a 16kB page is trivial. This is because of the TCP slow start algorithm. This article will cover what that is, how it works, and why you should care. But first we'll quickly go over some of the

Debcraft – Easiest way to modify and build Debian packages

Debian packaging is notoriously hard. Far too many new contributors give up while trying, and many long-time contributors leave due to burnout from having to do too many thankless maintenance tasks. Some just skip testing their changes properly because it feels like too much toil. Debcraft is my attempt to solve this by automating all the boring stuff, and making it easier to learn the correct practices and helping new and old packagers better track changes in both source code and build artifac

Arch Linux pulls AUR packages that installed Chaos RAT malware

Arch Linux has pulled three malicious packages uploaded to the Arch User Repository (AUR) that were used to install the CHAOS remote access trojan (RAT) on Linux devices. The packages were named "librewolf-fix-bin", "firefox-patch-bin", and "zen-browser-patched-bin," and were uploaded by the same user, "danikpapas," on July 16. The packages were removed two days later by the Arch Linux team after being flagged as malicious by the community. "On the 16th of July, at around 8pm UTC+2, a malicious AU

Firefox-patch-bin, librewolf-fix-bin AUR packages contain malware

On the 16th of July, at around 8pm UTC+2, a malicious AUR package was uploaded to the AUR. Two other malicious packages were uploaded by the same user a few hours later. These packages were installing a script coming from the same GitHub repository that was identified as a Remote Access Trojan (RAT). The affected malicious packages are: - librewolf-fix-bin - firefox-patch-bin - zen-browser-patched-bin The Arch Linux team addressed the issue as soon as they became aware of the situation. As of to

TCP-in-UDP Solution (eBPF)

The MPTCP protocol is complex, mainly to be able to survive on the Internet where middleboxes such as NATs, firewalls, IDS or proxies can modify parts of the TCP packets. Worst case scenario, an MPTCP connection should fallback to “plain” TCP. Today, such fallbacks are rarer than before – probably because MPTCP has been used since 2013 on millions of Apple smartphones worldwide – but they can still exist, e.g. on some mobile networks using Performance Enhancing Proxies (PEPs) where MPTCP connect

Best MagSafe battery packs 2025: I tested the best options to boost your phone's battery

MagSafe accessories like MagSafe wallets can upgrade our phones from basic to better. When our phones need a battery boost, most of us can't stay tethered to a wall outlet. Thankfully, with MagSafe battery packs, you don't have to. The battery market is packed with options that can boost your phone's battery life on the go. From portable power banks to wireless charging stations, there's something for everyone. I've personally tested over a dozen MagSafe battery packs from brands like Torras an

How I lost my backpack with passports and laptop

“It's only after we've lost everything that we're free to do anything.” I hadn’t lost everything — just my backpack with two passports and my laptop — so I became only a little freer. This story happened three months ago. It is an embarrassing story. It is embarrassing and difficult to tell — but that's exactly why I'm telling it to you. *** Sunday morning. I woke up at a small table in the entrance hall of some house in London — no idea which one, but definitely not mine. The last thing I re

I found a better way to transfer files between Android and Linux - and it's free

I often need to send a file from my Pop!_OS Linux desktop to my Android device. Over the years, I've found a variety of solutions, but this latest option -- called Packet -- makes transferring files between Linux and Android a breeze. Packet works with Quick Share. The only requirement is that both desktop and mobile devices be on the same wireless network. Let me show you how to

North Korean XORIndex malware hidden in 67 malicious npm packages

North Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online repository to deliver a new malware loader called XORIndex to developer systems. The packages collectively count more than 17,000 downloads and were discovered by researchers at package security platform Socket, who assess them to be part of the continued Contagious Interview operation. Socket researchers say that the campaign follows threat activity detected since April. Last month, the same acto

'Starter packs' have played a central role in Bluesky's rapid growth

“Vital onboarding strategy for the emerging social media systems” “Our findings go beyond Bluesky: they point to a new framework for launching successful social platforms,” said Dr Onur Ascigil, Lecturer in Computer Science at Lancaster University and Principal Investigator of the study. “Starter packs are becoming a vital onboarding strategy for the emerging social media systems that are seeking to attract users from dominant platforms.” The researchers believe their findings could help platfo

Dict Unpacking in Python

mom can we have dict unpacking in python? we have dict-unpacking-at-home please don't use this no seriously. I do not need another joke package of mine to be deemed "critical" to pypi 1 ok how do I use it pip install dict-unpacking-at-home add # -*- coding: dict-unpacking-at-home -*- to the top of your file (second line if you have a shebang) enjoy! # -*- coding: dict-unpacking-at-home -*- dct = { 'greeting' : 'hello' , 'thing' : 'world' } { greeting , thing } = dct print ( greeting , gree

Amazon Prime Day Live: We're Dropping Deals Every 15 Minutes

Are you a coffee paste person? You might be! Several people are—mostly ultralight backpackers. I am not. Or at least I don't think I am based on three cups made with this Swiss startup's unique product. The only flavor is bitterness, and it turns a weird grey color with a splash of milk. But then again, I have so far only tested it in my kitchen against a delicious AeroPress cup and not in the wild after carrying its 5 ounces for 15 miles up and down hills. I do not want to reveal too many of

How to Watch Samsung Unpacked for the Galaxy Z Fold 7 and Z Flip 7 Debut

After weeks of leaks and online teases, Samsung's Unpacked event is happening today. We expect to see replacements for the Galaxy Z Fold 6 and Galaxy Z Flip 6 and perhaps the successor to the Galaxy Watch 7. Here's what you can expect and how to tune in not only to the event, but also CNET's Samsung Galaxy Unpacked live blog and a live show, which will cover all the final rumors and big reveals as they happen. When is Samsung Galaxy Unpacked 2025? How to watch the livestream Samsung's summer U

Samsung Galaxy Unpacked preview: Massive leaks suggest we can expect Z Fold 7, Z Flip 7 and more

Samsung has announced that its next Galaxy Unpacked event will be taking place on July 9 at 10AM ET. This is the third major Unpacked event of the year, following launches of the Galaxy S25 series in January and, more recently, a virtual unveiling of the Galaxy S25 Edge. This time, if previous years are any indication, the company should be showing off new foldables and wearables. A lot of it may be business as usual, but the company has hinted that some possibly exciting new additions are in t

What to expect from Samsung Unpacked today: Galaxy Z Fold 7, Watch 8 Classic, tri-foldable, more

Three things are certain when July comes along: backyard barbecues, fireworks past midnight, and Samsung Unpacked. Just last month, Samsung confirmed that the next Unpacked event will take place today, Wednesday, July 9, in Brooklyn, New York. This follows the host cities of Paris, France, and Seoul, South Korea, over the past two years -- with the company suggesting that it's chosen Brooklyn for its "bold ideas, creativity, and culture."

Deal: Get 4 Apple AirTag trackers for just $64.99

Do you keep losing your stuff? If you have an iPhone, you should definitely invest in some Apple AirTag trackers. Right now, they are at a low price of $64.99 for a 4-pack! Buy the Apple AirTag 4-Pack for just $64.99 ($34.01 off) This offer is available from Amazon. Keep in mind this is not officially part of Prime Day (though likely influenced by it). As such, you need no Amazon Prime subscription to access this deal. Just throw it in your cart and check out! A

It's Nearly Time for Samsung's Galaxy Z Fold 7 and Z Flip 7 Debut: How to Watch the Unpacked Event

Samsung's Unpacked event may just introduce the next generation of foldable Galaxy Z phones to replace the Galaxy Z Fold 6 and Galaxy Z Flip 6 (if the company's multiple teases are to be believed). Samsung is also expected to unveil the successor to the Galaxy Watch 7. The event happens tomorrow. Here's what you can expect and how to tune in. CNET is also hosting a Samsung Galaxy Unpacked live blog and a live show, which will cover all the final rumors and big reveals as they happen. When is Sa