Engineering &
Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
Why the US Navy won't blast the Iranians and 'open' Strait of Hormuz
389 points, 1045 comments on Hacker News
Claude Code's source code has been leaked via a map file in their NPM registry
Article URL: https://twitter.com/Fried_rice/status/2038894956459290963 Comments URL: https://news.ycombinator.com/item?id=47584540 Points: 1186 # Comments: 636
Fast and Gorgeous Erosion Filter
45 points, 7 comments on Hacker News
Accidentally created my first fork bomb with Claude Code
4 points, 0 comments on Hacker News
Supply Chain Attack on Axios
Comments
Let the commits tell the story
Comments
cocoa-way: Native macOS Wayland Compositor written in Rust using Smithay
Comments
Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency that delivers a trojan capable of targeting Windows, macOS, and Linux systems. Versions 1.14.1 and 0.30.4 of Axios have been found to inject "plain-crypto-js" version 4.2.1 as a fake dependency. According to StepSecurity, the two
Gone (Almost) Phishin'
72 points, 32 comments on Hacker News
Why have supply chain attacks become a near daily occurrence ?
There are now two supply chain attacks in a week. A few days ago it was litellm (Pypi) and now its axios (npm) .
Ollama is now powered by MLX on Apple Silicon in preview
551 points, 274 comments on Hacker News
Claude finds RCE in Vim and Emacs
Comments
Axios compromised on NPM – Malicious versions drop remote access trojan
1600 points, 627 comments on Hacker News
Artemis II is not safe to fly
733 points, 463 comments on Hacker News
Built a cheap DIY fan controller because my motherboard never had working PWM
43 points, 15 comments on Hacker News
Rust's next-generation trait solver
Comments
What Gödel Discovered (2020)
30 points, 5 comments on Hacker News
OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point. "A single malicious prompt could turn an otherwise ordinary conversation into a covert exfiltration channel, leaking user messages, uploaded files, and other sensitive content," the cybersecurity company said in
Joins are NOT Expensive
Comments
Reverse Engineering Crazy Taxi, Part 2
20 points, 2 comments on Hacker News
GitHub for Beginners: Getting started with GitHub security
Learn how to secure your projects and keep them safe with GitHub Advanced Security. The post GitHub for Beginners: Getting started with GitHub security appeared first on The GitHub Blog.
Your job isn't programming
Comments
DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad. "It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captures passwords and sessions even if the primary loader is blocked," ReliaQuest researchers Thassanai
An Example of Statistical Investigation of the Text Eugene Onegin – Markov, 1913 [pdf]
22 points, 1 comments on Hacker News
In Case of Emergency, Make Burrito Bison 3 (2017)
15 points, 5 comments on Hacker News
Show HN: Zerobox – Sandbox any command with file and network restrictions
36 points, 32 comments on Hacker News
⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More
Some weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are showing up in new places, and research that stopped being theoretical right around the time defenders stopped paying attention. There's a bit of everything this week. Persistence plays, legal wins, influence ops, and at least one thing that looks boring
copilot edited an ad into my pr
Comments
3 SOC Process Fixes That Unlock Tier 1 Productivity
What is really slowing Tier 1 down: the threat itself or the process around it? In many SOCs, the biggest delays do not come from the threat alone. They come from fragmented workflows, manual triage steps, and limited visibility early in the investigation. Fixing those process gaps can help Tier 1 move faster, reduce unnecessary escalations, and improve how the entire SOC responds under pressure
Intuiting Pratt Parsing
52 points, 12 comments on Hacker News
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles