Latest Tech News

Stay updated with the latest in technology, AI, cybersecurity, and more

Filtered by: git Clear Filter

PyPI invalidates tokens stolen in GhostAction supply chain attack

bleepingcomputer.com Unknown 2025-09-19 04:09:09

The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the threat actors didn't abuse them to publish malware. These tokens are used to publish packages on the Python Package Index (PyPI), a software repository that acts as the default source for Python's package management tools and hosts hundreds of thousands of packages. As PyPI admin Mike Fiedler explained, a GitGuardian employee reported on Sept

Topics: gitguardian github pypi python tokens
Read More
Shop Amazon

The Digital Version of ‘Twilight Imperium’ Will Save You *So* Much Clean Up Time

gizmodo.com James Whitbrook 2025-09-19 16:00:21

Twilight Imperium has had a rep for endurance almost since it was first introduced. A dense tabletop experience of spacebound strategy, it’s become the face of marathon-length board gaming as players spend hours after hours dictating their space operatic maneuvers through the medium of many, many, many little tokens and cards being shuffled and passed around the board. So, good news for people who’ve always been interested but daunted by those occasionally tall tales of just what an effort it ev

Topics: digital game imperium play twilight
Read More
Shop Amazon

You can hold on to your butts thanks to DNA that evolved in fish

arstechnica.com Unknown 2025-09-20 00:19:24

Evolution has adapted the digits of mammals for an enormous range of uses, from our opposable thumbs to the spindly digits that support bat wings to the robust bones that support the hoofs of horses. But how we got digits in the first place hasn't been entirely clear. The fish that limbed vertebrates evolved from don't have obvious digit equivalents, and the most common types of fish just have a large collection of rays supporting their fins. Despite this uncertainty, we have identified some ge

Topics: active digits end genes hox
Read More
Shop Amazon

Logitech adds new devices to its gaming accessories lineup

engadget.com Unknown 2025-09-20 16:01:38

Logitech hosted its annual G Play showcase today and unveiled a collection of new gaming peripherals. The lineup includes headsets, mice and a keyboard. The G Pro X Superlight 2c is an even more compact redesign of the company's Superlight 2 wireless mouse. This version weighs 51 grams and has up to 95 hours of battery life. It will be available on October 21 and will cost $160. Logitech's other new gaming mouse is the G Pro X Superstrike, which boasts a haptics system in its main click buttons

Topics: available battery hours life logitech
Read More
Shop Amazon

Logitech’s Pro X2 Superstrike offers haptic-based clicks and rapid trigger

theverge.com Cameron Faulkner 2025-09-20 16:01:00

is an editor covering deals and gaming hardware that he thinks you’ll like. He joined in 2018, and after a stint at Polygon, he rejoined The Verge in May 2025. Posts from this author will be added to your daily email digest and your homepage feed. Logitech’s next flagship wireless gaming mouse is ditching mechanical switches for an analog system equipped with haptics actuators to simulate the feeling of a click. The mouse is called the Pro X2 Superstrike, and it’s coming early next year for $1

Topics: gaming logitech mouse rapid trigger
Read More
Shop Amazon

From Qubits to Qubucks: Quantum Digital Currency

computer.org Laurel Tweed 2025-09-20 19:41:00

Quantum computing is often discussed in terms of its potential to revolutionize scientific discovery and to challenge cryptographic paradigms [1], but it could also change our relationship with money. By using quantum states, quantum currency could solve the double-spending problem and address throughput issues associated with distributed ledgers (blockchain), paving the way for the digital cash of the future. Digital Banking vs. Digital Currency To understand quantum currency, we should first

Topics: cash currency digital quantum transactions
Read More
Shop Amazon

Tinycolor supply chain attack post-mortem

news.ycombinator.com Scott Cooper 2025-09-20 20:18:38

A malicious GitHub Actions workflow was pushed to a shared repo and exfiltrated a npm token with broad publish rights. The attacker then used that token to publish malicious versions of 20 packages, including @ctrl/tinycolor . My GitHub account, the @ctrl/tinycolor repository were not directly compromised. There was no phishing involved, and no malicious packages were installed on my machine and I already use pnpm to avoid unapproved postinstall scripts. There was no pull request involved becau

Topics: github malicious npm packages versions
Read More
Shop Amazon

AT&T is launching a digital bouncer to block unwanted calls

androidauthority.com Unknown 2025-09-22 12:09:03

Edgar Cervantes / Android Authority TL;DR AT&T is testing out an agentic AI tool that can identify and filter out robocallers. The “digital receptionist” screens calls to determine if the caller is human, how urgent the call is, and whether it meets your customized criteria before passing the call to you. If the caller won’t identify themselves, it’s a wrong number, or the call doesn’t meet your criteria, the receptionist will either disconnect or take a message. Are you tired of being bothe

Topics: ai caller digital receptionist tool
Read More
Shop Amazon

Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised

news.ycombinator.com Unknown 2025-09-22 12:22:03

Executive Summary The NPM ecosystem is facing another critical supply chain attack. The popular @ctrl/tinycolor package, which receives over 2 million weekly downloads, has been compromised along with more than 40 other packages across multiple maintainers. This attack demonstrates a concerning evolution in supply chain threats - the malware includes a self-propagating mechanism that automatically infects downstream packages, creating a cascading compromise across the ecosystem. The compromised

Topics: 20 community github npm packages
Read More
Shop Amazon

Live Updates: Shai-Hulud, the Most Dangerous NPM Breach in History

news.ycombinator.com Idan Dardikman 2025-09-23 00:26:32

We are tracking the largest and most dangerous npm supply-chain compromise in history, known as the Shai-Hulud malware campaign, which has now impacted hundreds of packages across multiple maintainers. This includes popular libraries such as @ctrl/tinycolor as well as packages maintained by CrowdStrike. Malicious versions embed a trojanized script (bundle.js) designed to steal developer credentials, exfiltrate secrets, and persist in repositories and endpoints through automated workflows. The ta

Topics: github hulud npm packages shai
Read More
Shop Amazon

Superhero Workplace Game ‘Dispatch’ Suits Up in October

gizmodo.com Justin Carter 2025-09-23 08:00:52

Developer AdHoc Studio revealed its debut game, Dispatch, will release on October 22 for Steam and PlayStation 5. Revealed at the 2024 Game Awards, the adventure title puts players in the shoes of Robbie Robertson, an ex-superhero who works at the Superhero Dispatch Network. As an SDN employee, Robbie deploys a team of supers to various crimes and events in the city, choosing which hero is best for the situation. Imagine Telltale’s The Walking Dead games mixed with some 9-1-1 (and superheroes,

Topics: dead digital dispatch easy game
Read More
Shop Amazon

Self Propagating NPM Malware Compromises over 40 Packages

news.ycombinator.com Unknown 2025-09-24 09:22:03

Executive Summary The NPM ecosystem is facing another critical supply chain attack. The popular @ctrl/tinycolor package, which receives over 2 million weekly downloads, has been compromised along with more than 40 other packages across multiple maintainers. This attack demonstrates a concerning evolution in supply chain threats - the malware includes a self-propagating mechanism that automatically infects downstream packages, creating a cascading compromise across the ecosystem. The compromised

Topics: aws github npm packages secrets
Read More
Shop Amazon

Pass: Unix Password Manager

news.ycombinator.com Unknown 2025-09-26 06:16:40

Introducing pass Password management should be simple and follow Unix philosophy. With pass , each password lives inside of a gpg encrypted file whose filename is the title of the website or resource that requires the password. These encrypted files may be organized into meaningful folder hierarchies, copied from computer to computer, and, in general, manipulated using standard command line file management utilities. pass makes managing these individual password files extremely easy. All passw

Topics: git pass password store zx2c4
Read More
Shop Amazon

Social media promised connection, but it has delivered exhaustion

news.ycombinator.com James O'Sullivan 2025-09-26 04:27:19

Credits James O’Sullivan lectures in the School of English and Digital Humanities at University College Cork, where his work explores the intersection of technology and culture. At first glance, the feed looks familiar, a seamless carousel of “For You” updates gliding beneath your thumb. But déjà‑vu sets in as 10 posts from 10 different accounts carry the same stock portrait and the same breathless promise — “click here for free pics” or “here is the one productivity hack you need in 2025.” Swi

Topics: content digital like platforms social
Read More
Shop Amazon

Crates.io phishing attempt

news.ycombinator.com Amos Wenger 2025-09-27 14:50:57

crates.io phishing attempt Sep 12, 2025 1 min Earlier this week, an npm supply chain attack. It’s turn for crates.io, the main public repository for Rust crates (packages). The phishing e-mail looks like this: And it leads to a GitHub login page that looks like this: Several maintainers received it — the issue is being discussed on GitHub. The crates.io team has acknowledged the attack and said they’d see if they can do something about it. No compromised packages have been identified as

Topics: 12 crates github io looks
Read More
Shop Amazon

Tether reveals USAT stablecoin, appoints Bo Hines, former White House advisor, to lead U.S. business

cnbc.com Tanaya Macheel 2025-09-27 20:49:36

Tether, the issuer of the largest stablecoin, has named a CEO for its U.S. business and is launching a new token for U.S. institutions. The moves underscore Tether's commitment to regulatory engagement and entry into the U.S. The company, once accused of being a criminal's "go-to cryptocurrency" has been rebranding itself as a partner to American lawmakers and law enforcement since pro-crypto President Donald Trump's return to the White House. Bo Hines, who headed the Presidential Council of A

Topics: digital new stablecoin tether token
Read More
Shop Amazon

Crates.io Phishing Attempt

news.ycombinator.com Amos Wenger 2025-09-27 19:50:57

crates.io phishing attempt Sep 12, 2025 1 min Earlier this week, an npm supply chain attack. It’s turn for crates.io, the main public repository for Rust crates (packages). The phishing e-mail looks like this: And it leads to a GitHub login page that looks like this: Several maintainers received it — the issue is being discussed on GitHub. The crates.io team has acknowledged the attack and said they’d see if they can do something about it. No compromised packages have been identified as

Topics: 12 crates github io looks
Read More
Shop Amazon

Top model scores may be skewed by Git history leaks in SWE-bench

news.ycombinator.com Unknown 2025-09-29 16:32:23

We've identified multiple loopholes with SWE Bench Verified where agents may look at future repository state (by querying it directly or through a variety of methods), and cases in which future repository state includes either solutions or detailed approaches to solving problems (commit messages and more). Examples: A trajectory with Claude 4 Sonnet, Pytest-dev__pytest-6202 (complete output here), the agent uses git log --all which leaks future commits that directly fix the issue: <antml:para

Topics: coder fix future git log
Read More
Shop Amazon

The origin story of merge queues

news.ycombinator.com Unknown 2025-10-01 16:43:43

From Bors and Homu to Bulldozer, Kodiak, Mergify, and now GitHub and GitLab, merge queues have shaped how we keep main branches green. This article traces their history, why they emerged, and how they became a standard in modern software development. If you use GitHub or GitLab today, merge queues feel like a built-in feature of modern development. But their story goes back over a decade, long before "merge queue" was a product term. It started with a simple problem: How do you keep your main

Topics: bors github main merge queue
Read More
Shop Amazon

The Origin Story of Merge Queues

news.ycombinator.com Unknown 2025-10-02 12:43:43

From Bors and Homu to Bulldozer, Kodiak, Mergify, and now GitHub and GitLab, merge queues have shaped how we keep main branches green. This article traces their history, why they emerged, and how they became a standard in modern software development. If you use GitHub or GitLab today, merge queues feel like a built-in feature of modern development. But their story goes back over a decade, long before "merge queue" was a product term. It started with a simple problem: How do you keep your main

Topics: bors github main merge queue
Read More
Shop Amazon

The blind box trend comes to tech with this tiny digital Kodak camera

theverge.com Andrew Liszewski 2025-10-02 12:52:43

is a senior reporter who’s been covering and reviewing the latest gadgets and tech since 2006, but has loved all things electronic since he was a kid. Posts from this author will be added to your daily email digest and your homepage feed. Everything from smartphones to handheld consoles now come in a variety of different colors, but what if you didn’t get to pick your favorite? That’s how the new Kodak Charmera is being sold. It’s a tiny digital camera released in seven different retro styles

Topics: charmera digital filters image kodak
Read More
Shop Amazon

Some thoughts on personal Git hosting

news.ycombinator.com Terence Eden 2025-09-29 19:01:55

As part of my ongoing (and somewhat futile) efforts to ReDeCentralise, I'm looking at moving my personal projects away from GitHub. I already have accounts with GitLab and CodeBerg - but both of those sites are run by someone else. While they're lovely now, there's nothing stopping them becoming as slow or AI-infested as GitHub. So I want to host my own Git instance for my personal projects. I'm experimenting with https://git.edent.tel/ It isn't quite self-hosted; I'm paying PikaPod €2/month t

Topics: git gitea github people want
Read More
Shop Amazon

Show HN: Downloading a folder from a repo using rust

news.ycombinator.com Unknown 2025-09-29 12:51:31

Git Down git-down lets you download one or multiple directories from a Git repository without the hassle of cloning or downloading the whole repository, with one simple command. Usage It's really easy to use. $ git-down -d < DESTINATION_DIRECTORY > < REPO_URL.git:branch > FILES The -d <DESTINATION_DIRECTORY> option above is optional. If not specified the files will be downloaded into a directory under the name of the target repository. We're using the bootstrap repo as an example for how t

Topics: bootstrap directory dist download git
Read More
Shop Amazon

Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack

bleepingcomputer.com Unknown 2025-10-06 12:53:59

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys. The attack was discovered by GitGuardian researchers, who report that the first signs of compromise on one of the impacted projects, FastUUID, became evident on September 2, 2025. The attack involved leveraging compromised maintainer accounts to perform commits that added a malicious GitHub Actions workflow file that triggers automat

Topics: gitguardian github malicious secrets tokens
Read More
Shop Amazon

Indiana Jones and the Last Crusade Adventure Prototype Recovered for the C64

news.ycombinator.com Frank Gasking 2025-10-07 11:01:18

DISCLAIMER: We are a non-profit digitisation project, aiming to digitally preserve software and history which would otherwise be lost for good. If for any reason there is anything that you do not wish to be on the website, please contact us for removal. Games That Weren't® is the registered trademark of Frank Gasking.

Topics: aiming contact digitally digitisation disclaimer
Read More
Shop Amazon

AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

bleepingcomputer.com Unknown 2025-10-07 10:11:21

Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account tokens and repository secrets leaked. According to a post-incident evaluation by Wiz researchers, the Nx compromise has resulted in the exposure of 2,180 accounts and 7,200 repositories across three distinct phases. Wiz also stressed that the incident's scope of impact remains significant, as many of the leaked secrets remain valid, and so the effect is still unfolding.

Topics: attack github nx secrets wiz
Read More
Shop Amazon

Let us git rid of it, angry GitHub users say of forced Copilot features

news.ycombinator.com Thomas Claburn 2025-10-07 11:44:07

Among the software developers who use Microsoft's GitHub, the most popular community discussion in the past 12 months has been a request for a way to block Copilot, the company's AI service, from generating issues and pull requests in code repositories. The second most popular discussion – where popularity is measured in upvotes – is a bug report that seeks a fix for the inability of users to disable Copilot code reviews. Both of these questions, the first opened in May and the second opened a

Topics: code copilot github microsoft said
Read More
Shop Amazon
Trending Topics
Hot Now
ai 3603 apple 2996 new 2376 google 2002 content 1719
Popular
like 1484 company 1413 pro 1310 iphone 1142 app 1119 zdnet 1103 said 1051 data 1044 does 902 reviews 888
Emerging
editorial 867 amazon 855 game 805 samsung 771 phone 759 pixel 755 android 740 just 716 available 681 users 681
About GoKawiil

GoKawiil is a project by nerdhub.co that curates technology news from trusted sources. We built this site to provide a cleaner, more mobile-friendly experience without intrusive ads or heavy JavaScript.

Privacy

Your privacy matters. GoKawiil doesn't use Google Analytics or Facebook Pixel. The only tracking occurs through affiliate links to Amazon.

Advertising

Interested in advertising? Contact us at [email protected]