Latest Tech News


Filtered by: secrets

Self Propagating NPM Malware Compromises over 40 Packages

Executive Summary The NPM ecosystem is facing another critical supply chain attack. The popular @ctrl/tinycolor package, which receives over 2 million weekly downloads, has been compromised along with more than 40 other packages across multiple maintainers. This attack demonstrates a concerning evolution in supply chain threats - the malware includes a self-propagating mechanism that automatically infects downstream packages, creating a cascading compromise across the ecosystem. The compromised

Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys. The attack was discovered by GitGuardian researchers, who report that the first signs of compromise on one of the impacted projects, FastUUID, became evident on September 2, 2025. The attack involved leveraging compromised maintainer accounts to perform commits that added a malicious GitHub Actions workflow file that triggers automat

Keeping secrets out of logs (2024)

Keeping Secrets Out of Logs tl;dr: There's no silver bullet, but if we put some "lead" bullets in the right places, we have a good shot at keeping sensitive data out of logs. "This is the blog version of a talk I gave at LocoMocoSec 2024. It's mostly a lightly edited transcript with some screenshots, so if you'd prefer, you can watch the

AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account tokens and repository secrets leaked. According to a post-incident evaluation by Wiz researchers, the Nx compromise has resulted in the exposure of 2,180 accounts and 7,200 repositories across three distinct phases. Wiz also stressed that the incident's scope of impact remains significant, as many of the leaked secrets remain valid, and so the effect is still unfolding.

Apple accuses Android brand of trade secret theft over wearables (Update: Response)

Update: August 25, 2025 (1:07 AM ET): OPPO has now issued an official statement addressing Apple’s legal filing against it and a former Apple employee. The company posted the following in an email to Android Authority: We are aware of the recent lawsuit filed by Apple in California and have carefully reviewed the allegations in Apple’s complaint. We have found no evidence establishing any connection between these allegations and the employee’s conduct during his employment at OPPO. OPPO respec

TSMC launches legal action against former employees for allegedly trying to leak 2nm trade secrets

What just happened? TSMC says it has taken strict disciplinary action and launched legal proceedings against a number of employees over potential trade secret leaks. The world's largest chipmaker said that the discovery was made after it detected unauthorized activities on its network during routine monitoring. TSMC said in a statement that its comprehensive and robust monitoring mechanisms allowed it to identify the potential crime early. It started an internal investigation, which led to discipl

Proton fixes Authenticator bug leaking TOTP secrets in logs

Proton fixed a bug in its new Authenticator app for iOS that logged users' sensitive TOTP secrets in plaintext, potentially exposing multi-factor authentication codes if the logs were shared. Last week, Proton released a new Proton Authenticator app, which is a free standalone two-factor authentication (2FA) application for Windows, macOS, Linux, Android, and iOS. The app is used to store multi-factor authentication TOTP secrets that can be used to generate one-time passcodes for authenticatio

SecretSpec: Declarative Secrets Management

Announcing SecretSpec: Declarative Secrets Management. We've supported .env integration for managing secrets, but it has several issues: Apps are disconnected from their secrets - applications lack a clear contract about which secrets they need. Parsing .env is unclear - comments, multiline values, and special characters all have ambiguous behavior across different parsers.

Magic .env files built for sharing: Human-first, AI-friendly

Magic .env files built for sharing: Human-first, AI-friendly .env.schema # API key with val

I scanned all of GitHub's "oops commits" for leaked secrets

TL;DR GitHub Archive logs every public commit, even the ones developers try to delete. Force pushes often cover up mistakes like leaked credentials by rewriting Git history. GitHub keeps these dangling commits, from what we can tell, forever. In the archive, they show up as "zero-commit" PushEvents. I scanned every force push event since 2020 and uncovered secrets worth $25k in bug bounties. Together with Truffle Security, we're open sourcing a new tool to scan your own GitHub organization for

Show HN: A local secrets manager with easy backup

yacs: Yet another credential store 🔐. yacs is a command-line tool that allows you to securely store, manage, and retrieve secrets locally in an encrypted JSON file. This tool uses AES encryption with a master password to ensure your secrets are kept safe. Features: Initialization: set up a new credential store with a master password and a hint. Adding Secrets: add secrets with descriptions, supporting both string and binary types. Retrieving Secrets: retrieve secrets by their key. Viewing Keys

HCP Vault Secrets End of Life

HashiCorp will be decommissioning HCP Vault Secrets. The team is shifting focus to bringing the ease of use learnings from HCP Vault Secrets to HCP Vault Dedicated. Current HCP Vault Secrets users are encouraged to migrate to HCP Vault Dedicated. Important Timelines: End of Sale: June 30, 2025. New customers will no longer have access to HCP Vault Secrets; existing customers will be able to add new HCP Vault Secrets applications until the end of life. End of life: August 27, 2025 (pay-as-you-go

Former NASA Agent Suggests Government Used UFO Theories To Cover "Stealth Technology"

A former NASA official says he thinks the government uses rumors of alien conspiracies to hide its secrets — a suggestion corroborated by a recent bombshell report about military officials spreading UFO disinformation. In an interview with Fox News, Joseph Gutheinz, a former special agent at NASA's inspector general, said that the US military's clandestine operations are likely behind many UFO conspiracy theories. "I believe early on in the 1940s when all these UFO stories started coming up, i