Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
|
from
login
Malicious NPM Packages Found in React Native – 130K+ Monthly Downloads Hit
(
stepsecurity.io
)
4 points
by
likhith190
1 day ago
|
past
|
discuss
Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push
(
stepsecurity.io
)
5 points
by
varunsharma07
3 days ago
|
past
|
1 comment
Xygeni/xygeni-action GitHub Action is compromised – poisoned tag is still live
(
stepsecurity.io
)
2 points
by
varunsharma07
8 days ago
|
past
|
discuss
Hackerbot-Claw: An AI-Powered Bot Actively Exploiting GitHub Actions
(
stepsecurity.io
)
2 points
by
pavel_lishin
15 days ago
|
past
Hackerbot-Claw: An AI-Powered Bot Actively Exploiting GitHub Actions
(
stepsecurity.io
)
4 points
by
denysvitali
16 days ago
|
past
Hackerbot-Claw: An AI-Powered Bot Actively Exploiting GitHub Actions
(
stepsecurity.io
)
2 points
by
pluc
16 days ago
|
past
Hackerbot-Claw: AI Bot Exploiting GitHub Actions – Microsoft, Datadog Hit So Far
(
stepsecurity.io
)
27 points
by
varunsharma07
17 days ago
|
past
|
4 comments
Cline Supply Chain Attack: Cline 2.3.0 Silently Installs OpenClaw
(
stepsecurity.io
)
12 points
by
varunsharma07
28 days ago
|
past
|
1 comment
Harden Runner Detected the SHA1-Hulud Supply Chain Attack in CNCF's Backstage
(
stepsecurity.io
)
1 point
by
varunsharma07
3 months ago
|
past
|
1 comment
ctrl/tinycolor and 40+ NPM Packages Compromised
(
stepsecurity.io
)
2 points
by
tomelders
6 months ago
|
past
|
1 comment
Ctrl/tinycolor and 40 NPM Packages Compromised
(
stepsecurity.io
)
3 points
by
kurmiashish
6 months ago
|
past
|
1 comment
Popular Nx Build System NPM Package Compromised with Data Stealing Malware
(
stepsecurity.io
)
10 points
by
varunsharma07
6 months ago
|
past
|
2 comments
Suspicious Tag Change in AWS's GitHub Action: What Happened and Why It Matters
(
stepsecurity.io
)
3 points
by
varunsharma07
7 months ago
|
past
|
1 comment
Num2words PyPI Package Compromised
(
stepsecurity.io
)
22 points
by
varunsharma07
7 months ago
|
past
|
6 comments
AI coding agents in CI/CD pipelines create new attack vectors
(
stepsecurity.io
)
2 points
by
kurmiashish
7 months ago
|
past
|
1 comment
eslint-config-prettier npm package compromised
(
stepsecurity.io
)
74 points
by
varunsharma07
8 months ago
|
past
|
11 comments
Grafana GitHub Actions Security Incident
(
stepsecurity.io
)
10 points
by
varunsharma07
10 months ago
|
past
Tj-actions/changed-files GitHub Action Compromised – used by over 23K repos
(
stepsecurity.io
)
273 points
by
varunsharma07
on March 14, 2025
|
past
|
298 comments
CI/CD supply chain attack on Azure Karpenter Provider open-source project
(
stepsecurity.io
)
3 points
by
varunsharma07
on Nov 25, 2024
|
past
|
2 comments
Security Breach in Stripe Repo: A Deep Dive into the "Pwn Request" Vulnerability
(
stepsecurity.io
)
7 points
by
varunsharma07
on Sept 6, 2024
|
past
Show HN: GitHub Actions Advisor – View security scores of GitHub Actions you use
(
stepsecurity.io
)
3 points
by
varunsharma07
on Jan 17, 2024
|
past
GitHub Actions security best practices (Checklist)
(
stepsecurity.io
)
4 points
by
jayaramsinghani
on Dec 14, 2023
|
past
How Google secures their GitHub Actions workflows with StepSecurity
(
stepsecurity.io
)
3 points
by
varunsharma07
on Nov 8, 2023
|
past
Celebrating Success of 500 Open Source Projects Using StepSecurity's Platform
(
stepsecurity.io
)
1 point
by
varunsharma07
on July 11, 2023
|
past
|
1 comment
Do you maintain a GitHub Action? Contribute to the SecureWorkflows project
(
stepsecurity.io
)
2 points
by
varunsharma07
on Aug 31, 2022
|
past
|
1 comment
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
