Hacker Newsnew | past | comments | ask | show | jobs | submit | from login

Supply Chain Attack Targets Laravel-Lang Packages with Credential Stealer (aikido.dev) 2 points by nullbio 3 days ago | past | 1 comment Google API keys keep working after you delete them (aikido.dev) 3 points by dsr12 4 days ago | past | discuss Google API keys will keep working after you delete them (aikido.dev) 4 points by berlianta 5 days ago | past | discuss Microsoft's Durabletask Package on PyPI Compromised. Mini Shai Hulud (aikido.dev) 3 points by mjtk 7 days ago | past | discuss Mini Shai-Hulud Is Back: NPM Worm Hits over 160 Packages, Including Mistral (aikido.dev) 2 points by cebert 14 days ago | past | 1 comment NPM supply-chain attack is targeting the SAP developer ecosystem (aikido.dev) 1 point by raffael_de 26 days ago | past | 1 comment GPT-Proxy Backdoor in NPM and PyPI Turns Servers into Chinese LLM Relays (aikido.dev) 4 points by lschueller 34 days ago | past Axios vulnerability with CVSS 10 over stated? (aikido.dev) 1 point by oofbey 42 days ago | past | 1 comment [dupe] Telnyx package compromised on PyPI (aikido.dev) 85 points by overflowy 60 days ago | past | 1 comment TeamPCP deploys CanisterWorm on NPM following Trivy compromise (aikido.dev) 3 points by Shank 64 days ago | past Glassworm is back: A new wave of invisible Unicode attacks hits repositories (aikido.dev) 303 points by robinhouston 72 days ago | past | 193 comments I wrote Gitleaks, now I'm maintaining Betterleaks (aikido.dev) 15 points by zricethezav 75 days ago | past | 3 comments Aikido launches infinite pentesting – Automated pentesting on every release (aikido.dev) 11 points by advocatemack 89 days ago | past AI Agents discovered a cache deception bug affecting SvelteKit on Vercel (aikido.dev) 2 points by advocatemack 3 months ago | past Fake Clawdbot VS Code Extension Installs ScreenConnect Rat (aikido.dev) 1 point by askl 3 months ago | past Malicious PyPI Packages Spellcheckpy and Spellcheckerpy Deliver Python Rat (aikido.dev) 1 point by birdculture 4 months ago | past Shai Hulud strikes again – The golden path (aikido.dev) 4 points by gpi 4 months ago | past PromptPwnd: Prompt Injection Vulnerabilities in GitHub Actions Using AI Agents (aikido.dev) 2 points by devy 5 months ago | past | 1 comment Prompt injection through GitHub Action workflow impacts Gemini and others (aikido.dev) 4 points by advocatemack 5 months ago | past | 1 comment Safe Chain: Stopping Malicious NPM Packages Before They Wreck Your Project (aikido.dev) 16 points by nailer 6 months ago | past | 2 comments Shai Hulud launches second supply-chain attack (aikido.dev) 352 points by birdculture 6 months ago | past | 23 comments Self-Replicating NPM Package Supply Chain Worm 'Shai Hulud' (aikido.dev) 2 points by oli5679 8 months ago | past Safe Chain: Stopping Malicious NPM Packages Before They Wreck Your Project (aikido.dev) 2 points by danfritz 8 months ago | past S1ngularity/nx attackers strike again (aikido.dev) 1 point by ebfe1 8 months ago | past | 1 comment Popular NX packages compromised on NPM (aikido.dev) 3 points by xtracto 8 months ago | past NPM debug and chalk packages compromised (aikido.dev) 1372 points by universesquid 8 months ago | past | 757 comments Popular nx packages compromised on NPM (aikido.dev) 1 point by jviide 9 months ago | past Malware hiding in plain sight: Spying on North Korean Hackers (aikido.dev) 8 points by thunderbong 11 months ago | past Delivering malware via Google Calendar invites and PUAs in an NPM package (aikido.dev) 4 points by todsacerdoti on May 19, 2025 | past RATatouille: A Malicious Recipe Hidden in rand-user-agent (aikido.dev) 6 points by thunderbong on May 7, 2025 | past More

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact Search: