Latest Tech News

Stay updated with the latest in technology, AI, cybersecurity, and more

Filtered by: secret

Self Propagating NPM Malware Compromises over 40 Packages

Executive Summary The NPM ecosystem is facing another critical supply chain attack. The popular @ctrl/tinycolor package, which receives over 2 million weekly downloads, has been compromised along with more than 40 other packages across multiple maintainers. This attack demonstrates a concerning evolution in supply chain threats - the malware includes a self-propagating mechanism that automatically infects downstream packages, creating a cascading compromise across the ecosystem. The compromised

Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys. The attack was discovered by GitGuardian researchers, who report that the first signs of compromise on one of the impacted projects, FastUUID, became evident on September 2, 2025. The attack involved leveraging compromised maintainer accounts to perform commits that added a malicious GitHub Actions workflow file that triggers automat

Keeping secrets out of logs (2024)

Keeping Secrets Out of Logs tl;dr: There's no silver bullet, but if we put some "lead" bullets in the right places, we have a good shot at keeping sensitive data out of logs. "This is the blog version of a talk I gave at LocoMocoSec 2024. It’s mostly a lightly edited transcript with some screenshots, so if you’d prefer, you can watch the

AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account tokens and repository secrets leaked. According to a post-incident evaluation by Wiz researchers, the Nx compromise has resulted in the exposure of 2,180 accounts and 7,200 repositories across three distinct phases. Wiz also stressed that the incident's scope of impact remains significant, as many of the leaked secrets remain valid, and so the effect is still unfolding.

Playing every game of Wordle simultaneously

If you’ve fallen far enough down the Wordle rabbit hole you may have heard of Quordle, a version of Wordle where you solve four words at once. If you’re looking for more of a challenge, Britannica has you covered with Octordle, where you solve eight words at once. And of course any Wordler worth their salt should be able to handle sixteen words, like in Sedecordle. And no, it doesn’t stop there: Sexaginta-quattuordle isn’t real, it can’t hurt yo– One logical extreme of this trend would be to

Apple accuses Android brand of trade secret theft over wearables (Update: Response)

Update: August 25, 2025 (1:07 AM ET): OPPO has now issued an official statement addressing Apple’s legal filing against it and a former Apple employee. The company posted the following in an email to Android Authority: We are aware of the recent lawsuit filed by Apple in California and have carefully reviewed the allegations in Apple’s complaint. We have found no evidence establishing any connection between these allegations and the employee’s conduct during his employment at OPPO. OPPO respec

Secretive, Peter Thiel-Founded ‘Tech Bilderberg’ Group Is Moving Up in the World

A secretive group founded by Palantir mogul Peter Thiel is planning to expand its influence in Washington, D.C., according to a report from Axios. The group, called Dialog, wants to establish a permanent physical campus in the capital, where it can carry on its invite-only meetings involving major power players. Working off information provided by a source with knowledge of the group’s activities, Axios claims that Dialog—which it says is “often compared to a tech-era Bilderberg”—has plans for

Show HN: Stasher – Burn-after-read secrets from the CLI, no server, no trust

Stasher CLI Share secrets from your terminal. One-time only. No accounts. No backend. No BS. I just wanted to share a password. Not spin up a server. Not sign up for a "secure" web app. Not trust a Slack thread. Just. Send. A. Secret. So I built Stasher — a burn-after-read, command-line tool for secure, ephemeral secret sharing. Built for people who are busy, paranoid, or both. "How Can I Trust You?" That's what someone asked me — and they were right to. Even if I say: "It's encrypted"

TSMC launches legal action against former employees for allegedly trying to leak 2nm trade secrets

What just happened? TSMC says it has taken strict disciplinary action and launched legal proceedings against a number of employees over potential trade secret leaks. The world's largest chipmaker said that the discovery was made after it detected unauthorized activities on its network during routine monitoring. TSMC said in a statement that its comprehensive and robust monitoring mechanisms allowed it to identify the potential crime early. It started an internal investigation, which led to discipl

Proton fixes Authenticator bug leaking TOTP secrets in logs

Proton fixed a bug in its new Authenticator app for iOS that logged users' sensitive TOTP secrets in plaintext, potentially exposing multi-factor authentication codes if the logs were shared. Last week, Proton released a new Proton Authenticator app, which is a free standalone two-factor authentication (2FA) application for Windows, macOS, Linux, Android, and iOS. The app is used to store multi-factor authentication TOTP secrets that can be used to generate one-time passcodes for authenticatio

Hiding secret codes in light protects against fake videos

Fact-checkers may have a new tool in the fight against misinformation. A team of Cornell researchers has developed a way to “watermark” light in videos, which they can use to detect if video is fake or has been manipulated. The idea is to hide information in nearly-invisible fluctuations of lighting at important events and locations, such as interviews and press conferences or even entire buildings, like the United Nations Headquarters. These fluctuations are designed to go unnoticed by humans

Microsoft catches Russian hackers targeting foreign embassies

Russian-state hackers are targeting foreign embassies in Moscow with custom malware that gets installed using adversary-in-the-middle attacks that operate at the ISP level, Microsoft warned Thursday. The campaign has been ongoing since last year. It leverages ISPs in that country, which are obligated to work on behalf of the Russian government. With the ability to control the ISP network, the threat group—which Microsoft tracks under the name Secret Blizzard—positions itself between a targeted

Google won’t say if UK secretly demanded a backdoor for user data

The U.K. government is reportedly backing down from its earlier demand that Apple builds a secret backdoor allowing its authorities access to customer data worldwide, following a harsh rebuke from the U.S. government. But one U.S. senator wants to know if other tech giants, like Google, have also received secret backdoor demands from the U.K. government, and Google has so far refused to say. Earlier this year, The Washington Post reported that the U.K. Home Office sought a secret court order i

‘Talamasca: The Secret Order’ Lures You Deeper Into the World of ‘Interview With the Vampire’

Vampires, witches, and demons, beware: the Talamasca, a secret group that fans of Interview With the Vampire will already have an inkling about, has you under surveillance. But can the watchers themselves be trusted? The first teaser trailer for Talamasca: The Secret Order, AMC’s latest show in its Anne Rice Immortal Universe, suggests that even those on the inside should definitely watch their backs. The trailer heavily features a very blonde Elizabeth McGovern doing her best to recruit Nichol

SecretSpec: Declarative Secrets Management

Announcing SecretSpec: Declarative Secrets Management We've supported .env integration for managing secrets, but it has several issues: Apps are disconnected from their secrets - applications lack a clear contract about which secrets they need Parsing .env is unclear - comments, multiline values, and special characters all have ambiguous behavior across different parsers

Mistakes Microsoft made in the Xbox security system (2005)

From xboxdevwiki This article has been retrieved from [1]. We might have a similar article. by Michael Steil Introduction The Xbox is a gaming console, which has been introduced by Microsoft Corporation in late 2001 and competed with the Sony Playstation 2 and the Nintendo GameCube. Microsoft wanted to prevent the Xbox from being used with copied games, unofficial applications and alternative operating systems, and therefore designed and implemented a security system for this purpos

Apple TV+ docuseries scores 6 Daytime Emmy Awards nominations

Apple has picked up six Daytime Emmy nominations for one of its most interesting nature docuseries, produced in partnership with the BBC Studios Natural History Unit. See the categories and watch the trailer below. Winners will be announced this October Today, the Television Academy announced the nominees for the 52nd Daytime Emmy Awards. The winners will be revealed on October 17, a little more than a month after the 77th Primetime Emmy Awards, which will take place on September 14. Among th

Magic .env files built for sharing: Human-first, AI-friendly

Magic .env files built for sharing: Human-first, AI-friendly .env.schema # API key with val

I scanned all of GitHub's "oops commits" for leaked secrets

TL;DR GitHub Archive logs every public commit, even the ones developers try to delete. Force pushes often cover up mistakes like leaked credentials by rewriting Git history. GitHub keeps these dangling commits, from what we can tell, forever. In the archive, they show up as “zero-commit” PushEvents . I scanned every force push event since 2020 and uncovered secrets worth $25k in bug bounties. Together with Truffle Security, we're open sourcing a new tool to scan your own GitHub organization for

Show HN: A local secrets manager with easy backup

yacs Yet another credential store 🔐 yacs is a command-line tool that allows you to securely store, manage, and retrieve secrets locally in an encrypted JSON file. This tool uses AES encryption with a master password to ensure your secrets are kept safe. Features Initialization: Set up a new credential store with a master password and a hint. Adding Secrets: Add secrets with descriptions, supporting both string and binary types. Retrieving Secrets: Retrieve secrets by their key. Viewing Keys

Everything You Need to Know About the Sonic the Hedgehog Magic: The Gathering Drop

Magic: The Gathering hit a goldmine earlier this month when it released its Final Fantasy set based on one of the most popular video game franchises of all time. Final Fantasy was reportedly the best-selling Magic set before it even released, thanks to extensive preorders. Now Wizards of the Coast is hoping to repeat that success with Secret Lair drops themed around video game icon Sonic the Hedgehog, launching Monday, July 14.

Sonic the Hedgehog Is Speeding Into ‘Magic: The Gathering’

With the success of the Final Fantasy set transitioning Magic‘s collaboration era truly into the mainstream, Wizards of the Coast is running full speed ahead with its latest collaboration: a new Secret Lair drop that will bring Sonic the Hedgehog and his friends to the game. Rather than being reprints of old cards with new art, like the case of the SpongeBob Secret Lair or the recent benefit for the National Association of Latino Arts and Cultures, the new Sonic cards, revealed by Variety today

Finding a 27-year-old easter egg in the Power Mac G3 ROM

I was recently poking around inside the original Power Macintosh G3’s ROM and accidentally discovered an easter egg that nobody has documented until now. This story starts with me on a lazy Sunday using Hex Fiend in conjunction with Eric Harmon’s Mac ROM template (ROM Fiend) to look through the resources stored in the Power Mac G3’s ROM. This ROM was used in the beige desktop, minitower, and all-in-one G3 models from 1997 through 1999. As I write this post in mid-2025, I’m having a really diff

Topics: disk image mac rom secret

Show HN: Ariadne – A Rust implementation of aperiodic cryptography

Ariadne Suite ariadne.ciphernomad.org This repository contains the Ariadne Suite, our canonical Rust implementation of the Ariadne Protocol. The protocol is a novel cryptographic architecture we designed around the Labyrinth Construction to provide aperiodic, or non-repeating, cryptographic transformations. The project mission is to create resilient, open-source tools for digital sovereignty. This is independent research, released as a public good. Its continuation, development, and future s

HCP Vault Secrets End of Life

HashiCorp will be decommissioning HCP Vault Secrets. The team is shifting focus to bringing the ease of use learnings from HCP Vault Secrets to HCP Vault Dedicated. Current HCP Vault Secrets users are encouraged to migrate to HCP Vault Dedicated. Important Timelines End of Sale: June 30, 2025 New customers will no longer have access to HCP Vault Secrets Existing customers will be able to add new HCP Vault Secrets applications until the end of life End of life: August 27, 2025 (pay-as-you-go

A deep-dive explainer on Ink and Switch's BeeKEM protocol

I’ve spent the last year working on local-first apps, most recently with Muni Town. For me, ‘local-first’ isn’t just a technical architecture — it’s a political and social stance. It’s about shifting control: from remote servers and top-down central authorities deciding how data, workflows, and communities operate, to individuals and communities reclaiming that control and gaining autonomy. Seen this way, privacy and consent aren’t add-ons — they’re foundational, just as critical as sync or data

Topics: group key keys new secret

Former NASA Agent Suggests Government Used UFO Theories To Cover "Stealth Technology"

A former NASA official says he thinks the government uses rumors of alien conspiracies to hide its secrets — a suggestion corroborated by a recent bombshell report about military officials spreading UFO disinformation. In an interview with Fox News, Joseph Gutheinz, a former special agent at NASA's inspector general, said that the US military's clandestine operations are likely behind many UFO conspiracy theories. "I believe early on in the 1940s when all these UFO stories started coming up, i

Victoria’s Secret restores critical systems after cyberattack

Victoria's Secret has restored all critical systems impacted by a May 24 security incident that forced it to shut down corporate systems and the e-commerce website. The company operates around 1,380 retail stores in nearly 70 countries and has reported net sales of $1.353 billion for the first quarter of 2025, with a forecasted net sales range of up to $6.3 billion for the year. In a Thursday filing with the U.S. Securities and Exchange Commission, the company disclosed that all restored criti

After RFK Jr. fires vaccine advisors, doctors brace for blitz on childhood shots

The medical community is bracing for attacks on, and the possible dismantling of, federal recommendations for safe, lifesaving childhood vaccinations after health secretary and fervent anti-vaccine advocate Robert F. Kennedy Jr. abruptly fired all 17 members of a federal vaccine advisory committee Monday. Outrage has been swift after Kennedy announced the "clean sweep" of the Centers for Disease Control and Prevention's vaccine advisory panel, the Advisory Committee on Immunization Practices (A