Latest Tech News

Stay updated with the latest in technology, AI, cybersecurity, and more

Pnpm has a new setting to stave off supply chain attacks

There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour. The new setting is called minimumReleaseAge. It specifies the number of minutes that must pass after a version is published before

Tinycolor supply chain attack post-mortem

A malicious GitHub Actions workflow was pushed to a shared repo and exfiltrated an npm token with broad publish rights. The attacker then used that token to publish malicious versions of 20 packages, including @ctrl/tinycolor. Neither my GitHub account nor the @ctrl/tinycolor repository was directly compromised. There was no phishing involved, no malicious packages were installed on my machine, and I already use pnpm to avoid unapproved postinstall scripts. There was no pull request involved becau

Oh no, not again a meditation on NPM supply chain attacks

I’ve been sitting on this article for a while now – well over a year I’ve put off publishing it – but as we’ve seen this week, the time has come to lift the veil and say the quiet part out loud: It’s 2025; Microsoft should be considered a “bad actor” and a threat to all companies who develop software. Of course, if you’re old enough to remember – this is not the first time either… Time is a flat circle. Here we are again – in 2025, Microsoft have fucked up so bad, they have likely created an

CrowdStrike Infested With "Self-Replicating Worms"

A year after a glitch at cybersecurity company CrowdStrike triggered a global computer outage affecting millions of computers, the software vendor is being forced to contain a new threat: a swarm of self-replicating worms. As first reported by investigative cybersecurity journalist Brian Krebs, CrowdStrike once again became the launchpad for a potentially debilitating security hazard when some 25 code packages were compromised by a novel strain of malware. Dubbed "Shai-Hulud," the malicious so

Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised

Executive Summary The NPM ecosystem is facing another critical supply chain attack. The popular @ctrl/tinycolor package, which receives over 2 million weekly downloads, has been compromised along with more than 40 other packages across multiple maintainers. This attack demonstrates a concerning evolution in supply chain threats - the malware includes a self-propagating mechanism that automatically infects downstream packages, creating a cascading compromise across the ecosystem. The compromised

Live Updates: Shai-Hulud, the Most Dangerous NPM Breach in History

We are tracking the largest and most dangerous npm supply-chain compromise in history, known as the Shai-Hulud malware campaign, which has now impacted hundreds of packages across multiple maintainers. This includes popular libraries such as @ctrl/tinycolor as well as packages maintained by CrowdStrike. Malicious versions embed a trojanized script (bundle.js) designed to steal developer credentials, exfiltrate secrets, and persist in repositories and endpoints through automated workflows. The ta

Self-propagating supply chain attack hits 187 npm packages

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack, with a malicious self-propagating payload to infect other packages. The coordinated worm-style campaign dubbed 'Shai-Hulud' started yesterday with the compromise of the @ctrl/tinycolor npm package, which receives over 2 million weekly downloads. Since then, the campaign has expanded significantly and now includes packages published under CrowdStrike's npm namespace. From tinycolor to

Self-Replicating Worm Hits 180+ Software Packages

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed. The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms

China rules that Nvidia violated its antitrust laws

A Chinese regulator has found Nvidia violated the country’s antitrust law, in a preliminary finding against the world’s most valuable chipmaker. Nvidia had failed to fully comply with provisions outlined when it acquired Mellanox Technologies, an Israeli-US supplier of networking products, China’s State Administration for Market Regulation (SAMR) said on Monday. Beijing conditionally approved the US chipmaker’s acquisition of Mellanox in 2020. Monday’s statement came as US and Chinese official

Battling for the lead at an IRL version of Mario Kart

When it comes to mainstream gaming appeal, it’s hard to beat Mario Kart. Break out some controllers at a party and you’ll likely get a grid full of eager racers. The game’s seamless way of balancing disparate levels of skill and aggression creates an addictive experience for just about everyone. Real-world karting, on the other hand, remains more of a niche affair. Sure, plenty of people race karts at theme parks and putt-putt parking lots, but this style of racing isn’t on the radar for your a

MIT-MC CP/M archive files, 1979-1984

This repository contains code, software, and related files developed for the CP/M operating system, created from 1979-1984. It was hosted on the Massachusetts Institute of Technology's MIT-MC (Macsyma Consortium) computer and available on the ARPANET. This was a freeware and shareware "archive" maintained by Frank J. Wancho and Keith Petersen. When the Macsyma Consortium was dissolved in 1983, the files were moved to SIMTEL20. The files available in this rep

Behind Kamathipura's Closed Doors

On the rickshaw, in the evening rush hour. An elderly driver, hands on the steering wheel, khaki shirt, marking his station. His neck hesitantly swivels, as if to say something: they have arrived at their destination. An alien territory in the white-washed city. Coquettish beckonings are lined up on fractured doors as street lamps in the narrow alleys. Collapsing buildings constrict ventilation and light. A landlord’s greed is made manifest: two-storeyed houses buried beneath off-balanced extens

How to upgrade your 'incompatible' Windows 10 PC to Windows 11 - for free

ZDNET's key takeaways: Most PCs from the last 15 years can be upgraded to Windows 11, even if they fail compatibility checks. PCs originally sold with Windows 10 can usually be upgraded after one small registry edit. On older PCs and those with unusual configurations, a third-party utility does the job. On Oct. 14, 2025, Microsoft will stop delivering security updates to your Windows 10 PC unless you enroll

Nvidia unveils new GPU designed for long-context inference

In Brief At the AI Infrastructure Summit on Tuesday, Nvidia announced a new GPU called the Rubin CPX, designed for context windows larger than 1 million tokens. Part of the chip giant’s forthcoming Rubin series, the CPX is optimized for processing large sequences of context and is meant to be used as part of a broader “disaggregated inference” infrastructure approach. For users, the result will be better performance on long-context tasks like video generation or software development. Nvidia’s

This 2FA phishing scam pwned a developer - and endangered billions of npm downloads

ZDNET's key takeaways: A phishing email was at the heart of the attack. NPM team quickly removed backdoored versions. 18 packages hit, with 2B+ downloads every week. A new digital supply chain attack has targeted popular open-source npm packages with at least two billion downloads per week. 'I've been pwned': On Sept. 8, Josh Junon, a package maintainer whose account was at the center of the attack, revealed

Massive Supply Chain Attack Targets Cryptocurrencies Through NPM

A phishing attack aimed at a particular software maintainer’s account has managed to compromise software packages that have over 2.6 billion weekly downloads, BleepingComputer reports, noting that the infection is being called the “largest supply chain attack in history.” The developer behind the software packages, identified as Josh Junon, was compromised via a phishing scheme targeting several blockchains, including Ethereum, Bitcoin, Solana, and Tron, The Register reports. Junon has been posting abo

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to be the world’s biggest supply-chain attack ever. The attack, which compromised nearly two dozen packages hosted on the npm repository, came to public notice on Monday in social media posts. Around the same time, Josh Junon, a maintainer or co-maintainer of the affected packages, said he had been “pwned” after falling for an email that claimed his account on the platform w

Air pollution directly linked to increased dementia risk

A study has found that exposure to air pollution can increase the risk of developing Lewy body dementia. An analysis of 56 million people has shown that exposure to air pollution increases the risk of developing a particular form of dementia, the third most common type after Alzheimer’s disease and vascular dementia. The study, published in Science on 4 September, suggests that there is a clear link between long-term exposure to PM 2.5 — airborne

A Software Development Methodology for Disciplined LLM Collaboration

Disciplined AI Software Development (Collaborative): a structured approach for working with AI on development projects. This methodology addresses common issues like code bloat, architectural drift, and context dilution through systematic constraints. The Context Problem: AI systems work on Question → Answer patterns. When you ask for broad, multi-faceted implementations, you typically get: functions that work but lack structure; repeated code across components; architectural inconsistency ove

Development speed is not a bottleneck

"You are wrong, Pawel. You can vibe code a successful product without any technical skills. Here's one example." I liked the challenge, especially since it referenced a source. What I thought would be a short comment evolved into a series of articles. This post is the last one (or at least I believe so at the time of writing), and I will focus on the product management side. Well, just one aspect of it. The perception that the pace of shipping features (or building in general) is the bottlene

Seedbox Lite: A lightweight torrent streaming app with instant playback

🎬 SeedBox Lite: Stream Torrents Instantly 🚀 Overview: SeedBox Lite is a cutting-edge torrent streaming platform that allows you to watch movies and TV shows instantly without waiting for complete downloads. Built with modern web technologies, it provides a Netflix-like experience with powerful torrent capabilities. ✨ Key Highlights: 🎯 Instant Streaming - Start watching immediately as the torrent downloads. 🔐 Password Protection - Secure acc

China Unveils Plans to Establish a Fully AI-Powered Economy by 2035

As the western world braces for the "pop" of an enormous AI spending bubble, it seems China is going all-in on the AI hype. Yesterday, the Chinese State Council — the government body responsible for carrying out Chinese Government policy, sort of like the executive branch of the US — released its ten-year plan for AI development. By 2035, it declares, AI will become a "key growth engine for the country's economic development," enabling the People's Republic to "fully enter a new stage of devel

Smartphones are finally choosing quality over quantity when it comes to cameras

TL;DR: Smartphones shipped in Q2 2025 with an average of 3.19 cameras, down from 3.37 a year earlier. Dual-camera setups now lead shipments, while single-camera models are making a comeback. Brands are swapping extra lenses for higher-res sensors and AI-driven photography. Phone makers spent many years racing to cram as many cameras into their handsets as possible. At one point, it wasn’t unusual to see four lenses stuck on the back of a flagship, and it was

Uncomfortable Questions About Android Developer Verification

ICEBlock “is an innovative, completely anonymous crowdsourced platform that allows users to report Immigration and Customs Enforcement (ICE) activity with just two taps on their phone.” The developer of ICEBlock disclosed his identity. In addition to receiving threats of federal prosecution over the app, the developer has faced other backlash, including his wife being fired from a federal government job. This is one recent example d