Latest Tech News

Stay updated with the latest in technology, AI, cybersecurity, and more


Tinycolor supply chain attack post-mortem

A malicious GitHub Actions workflow was pushed to a shared repo and exfiltrated an npm token with broad publish rights. The attacker then used that token to publish malicious versions of 20 packages, including @ctrl/tinycolor. My GitHub account and the @ctrl/tinycolor repository were not directly compromised. There was no phishing involved, and no malicious packages were installed on my machine, and I already use pnpm to avoid unapproved postinstall scripts. There was no pull request involved becau

You absolutely should not buy Apple’s iPhone Air MagSafe battery pack

Apple released its thinnest phone yet last week, the iPhone Air, and revealed the new iPhone Air MagSafe Battery alongside it. The existence of a specially-made battery pack wasn’t a big surprise to me, because there had been rumors of the iPhone Air for months leading up to the event. Everyone was prepared for the thinnest iPhone ever to make some battery life sacrifices to achieve its svelte design. However, what was a surprise to me was how much Apple leaned on the new battery during the iPh

CrowdStrike Infested With "Self-Replicating Worms"

A year after a glitch at cybersecurity company CrowdStrike triggered a global computer outage affecting millions of computers, the software vendor is being forced to contain a new threat: a swarm of self-replicating worms. As first reported by investigative cybersecurity journalist Brian Krebs, CrowdStrike once again became the launchpad for a potentially debilitating security hazard when some 25 code packages were compromised by a novel strand of malware. Dubbed "Shai-Hulud," the malicious so

Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised

Executive Summary The NPM ecosystem is facing another critical supply chain attack. The popular @ctrl/tinycolor package, which receives over 2 million weekly downloads, has been compromised along with more than 40 other packages across multiple maintainers. This attack demonstrates a concerning evolution in supply chain threats - the malware includes a self-propagating mechanism that automatically infects downstream packages, creating a cascading compromise across the ecosystem. The compromised

Live Updates: Shai-Hulud, the Most Dangerous NPM Breach in History

We are tracking the largest and most dangerous npm supply-chain compromise in history, known as the Shai-Hulud malware campaign, which has now impacted hundreds of packages across multiple maintainers. This includes popular libraries such as @ctrl/tinycolor as well as packages maintained by CrowdStrike. Malicious versions embed a trojanized script (bundle.js) designed to steal developer credentials, exfiltrate secrets, and persist in repositories and endpoints through automated workflows. The ta

Self-propagating supply chain attack hits 187 npm packages

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack, with a malicious self-propagating payload to infect other packages. The coordinated worm-style campaign dubbed 'Shai-Hulud' started yesterday with the compromise of the @ctrl/tinycolor npm package, which receives over 2 million weekly downloads. Since then, the campaign has expanded significantly and now includes packages published under CrowdStrike's npm namespace. From tinycolor to

Self-Replicating Worm Hits 180+ Software Packages

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed. The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms

Which NPM package has the largest version number?

Which npm package has the largest version number? I spent way too much time on this. I was recently working on a project that uses the AWS SDK for JavaScript. When updating the dependencies in said project, I noticed that the version of that dependency was v3.888.0. Eight hundred eighty eight. That’s a big number as far as versions go. That got me thinking: I wonder what package in the npm registry has the largest number in its version. It could be a major, minor, or patch version, and it doe

Tesla board chair calls debate over Elon Musk’s $1T pay package ‘a little bit weird’

In Brief With Tesla shareholders set to vote on a proposed 10-year, $1 trillion compensation package for CEO Elon Musk in November, board chair Robyn Denholm spoke to The New York Times to defend what would be the largest pay package in corporate history. Denholm, who was also on the special committee that put the compensation proposal together, argued that Musk needs to be motivated by extraordinary challenges tied to extraordinary compensation. At the same time, she suggested he’s less inter

Nintendo is bringing back the Virtual Boy as a Switch and Switch 2 accessory

Nintendo had a truly wild surprise up its sleeve for Switch Online + Expansion Pack during its Direct event on Friday. The company is bringing back the Virtual Boy as a physical device into which you can slot your Switch or Switch 2. A plastic replica of the mid-90s tabletop system will soon be available for Switch Online members to buy. The company will sell a cardboard version of the accessory too. No need to rub your eyes in disbelief (but if history is any indication, you might have to for r

Behind the scenes of Bun Install

Running bun install is fast, very fast. On average, it runs ~7× faster than npm, ~4× faster than pnpm, and ~17× faster than yarn. The difference is especially noticeable in large codebases. What used to take minutes now takes (milli)seconds. These aren't just cherry-picked benchmarks. Bun is fast because it treats package installation as a systems programming problem, not a JavaScript problem. In this post we’ll explore what that means: from minimizing syscalls and caching manifests as binary,

Hackers left empty-handed after massive NPM supply-chain attack

The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, but the attacker made little profit off it. The attack occurred earlier this week after maintainer Josh Junon (qix) fell for a password reset phishing lure and compromised multiple highly popular NPM packages, among them chalk and debug-js, that cumulatively have more than 2.6 billion weekly downloads. After gaining access to Junon’s account, the attackers pushed maliciou

The iPhone Air’s battery pack is slim, but not as slim as the iPhone Air

Apple’s chunky old MagSafe Battery Pack was beloved by a subset of iPhone owners, and now the company is bringing it back and slimming it down for the iPhone Air. I took a first look at the battery pack this afternoon, and it has a significantly slimmer design than the old version. This version of the battery pack is thinner and longer, stretching as far across the back of the phone as it can before bumping into the camera bar. Slimming it down reduces the potential battery size, but it makes t

Tesla revamps the Megapack in attempt to reverse its declining storage business

Tesla is updating its utility-scale Megapack batteries as it seeks to stem the decline of its lucrative energy storage business. The new battery product, known as Megapack 3, which Tesla revealed late Monday, is a bid to lure utilities and data center developers that are desperate for power. Megapack 3 stores around 1 megawatt-hour more electricity than Tesla’s largest existing offering and promises a longer lifespan. Tesla also introduced Megablock, a grouping of four Megapack 3 units that ca

Tesla says its new Megablock can cut costs for renewable energy storage.

At an event in Las Vegas yesterday, Tesla revealed a new utility-scale battery configuration that it claims can significantly lower construction costs for utilities, along with faster inst

This 2FA phishing scam pwned a developer - and endangered billions of npm downloads

Elyse Betters Picaro / ZDNET. ZDNET's key takeaways: A phishing email was at the heart of the attack. The NPM team quickly removed backdoored versions. 18 packages hit, with 2B+ downloads every week. A new digital supply chain attack has targeted popular open-source npm packages with at least two billion downloads per week. 'I've been pwned': On Sept. 8, Josh Junon, a package maintainer whose account was at the center of the attack, revealed

Massive Supply Chain Attack Targets Cryptocurrencies Through NPM

A phishing attack aimed at a particular software maintainer’s account has managed to compromise software packages that have over 2.6 billion weekly downloads. BleepingComputer notes that the infection is being called the “largest supply chain attack in history.” The developer behind the software packages, identified as Josh Junon, was compromised via a phishing scheme, with the injected code targeting several blockchains, including Ethereum, Bitcoin, Solana, and Tron, The Register reports. Junon has been posting abo

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to be the world’s biggest supply-chain attack ever. The attack, which compromised nearly two dozen packages hosted on the npm repository, came to public notice on Monday in social media posts. Around the same time, Josh Junon, a maintainer or co-maintainer of the affected packages, said he had been “pwned” after falling for an email that claimed his account on the platform w

A critique of package managers

Package Managers are Evil. n.b. This is a written version of a dialogue from a YouTube video: "2 Language Creators vs 2 Idiots | The Standup". Package managers (for programming languages) are evil. To start, I need to make a few distinctions between concepts a lot of programmers mix up: a package, package repositories, build systems, and package managers. These are all separate and can have no relation to one another. I have nothing against packages; in fact, Odin has packages built into the langu

Should you buy rechargeable batteries in 2025? These USB-C ones say yes

Paleblue rechargeable lithium-ion batteries. ZDNET's key takeaways: These batteries are a perfect replacement for alkaline batteries in pretty much every situation. I like that they can be recharged from a USB port and don't need a specific charger. The USB-A connector on the end of the 4-way charge cable does feel a bit dated. It's almost 2026, and yes, we still need batteries. But it no longer makes financial or ecological sense

Tesla's board to Elon Musk: Hit these milestones, and we'll make you a trillionaire

It's September 2025, and things are looking peachy keen. Sure, the US job market has taken a nosedive. And yeah, only one in four Americans believes they have a good chance of improving their standard of living. But hey, Tesla's board has proposed a pay package that could make Elon Musk the world's first trillionaire. What really matters is that someone is having a good time, right? Tesla's board laid out what's by far the biggest CEO compensation package in history on Friday. It reads like the

Neovim Pack

Pack: Nvim :help pages, generated from source using the tree-sitter-vimdoc parser. Extending Nvim: Using Vim packages. A package can be downloaded as an archive and unpacked in its own directory, so the files are not mixed with files of other plugins; be a git, mercurial, etc. repository, thus easy to update; contain multiple plugins that depend on each other; contain plugins that are automatically loaded on startup ("start" packages, located in "pack/*/start/*") and ones that are only loaded when needed wit

Nuclear: Desktop music player focused on streaming from free sources

Desktop music player focused on streaming from free sources. Links: Official website; Downloads; Documentation; Mastodon; Twitter; Support channel (Matrix): #nuclear:matrix.org; Discord chat: https://discord.gg/JqPjKxE; Suggest and vote on new features here: https://nuclear.featureupvote.com/; Readme translations. What is this? nuclear is a free music streaming program that pulls content from free sources all over the internet. If you know mps-youtube, this is a similar music player but with

The 79 Best Deals From REI’s 2025 Labor Day Sale

REI's Labor Day sale ends tonight at midnight. Many items are up to 30 percent off, and REI Co-op members save 20 percent on any REI Outlet item (on top of the sale price). To get the member discount, add the promo code LABORDAY2025 at checkout. Many of the best REI deals are on the company's house brand gear, but we've also pulled in deals from competing sales at Backcountry, Mystery Ranch, Hyperlite Mountain Gear, Zenbivy, and other cottage industry retailers. Below are the best deals on all

Removing Guix from Debian

Removing Guix from Debian. As a rule, if a package is shipped with a Debian release, users can count on it being available, and updated, for the entire life of the release. If package foo is included in the stable release—currently Debian 13 ("trixie")—a user can reasonably expect that it will continue to be available with security backports as long as that release is supported, though it may not be included in Debian 14 ("forky"). However, it is likely that the Gui

Show HN: Simple modernized .NET NuGet server reached RC

Simple modernized NuGet server implementation. (Japanese version here) What is this? A simple NuGet server implementation built on Node.js that provides essential NuGet v3 API endpoints. Compatible with dotnet restore and standard NuGet clients for package publishing, querying, and manually downloading. A modern browser-based UI is also provided: You can refer to registered packages. You can check various package attributes. You can download packages by version. You can also publish (upload) packages.