HN Reader

Weave (YC W25) is hiring an AI engineer (ycombinator.com)

1 points by adchurch 13h ago 0 comments

CoinTracker (YC W18) is hiring to solve crypto taxes and accounting (remote)

1 points by chanfest22 1d ago 0 comments

Crimson (YC X25) is hiring founding engineers in London (ycombinator.com)

1 points by markfeldner 1d ago 0 comments

Martin (YC S23) Is Hiring Founding Engineers to Build a Better Siri (ycombinator.com)

1 points by darweenist 2d ago 0 comments

Meticulous (YC S21) is hiring in UK to redefine software dev (tinyurl.com)

1 points by Gabriel_h 2d ago 0 comments

Infisical (YC W23) Is Hiring DevRel Engineers (ycombinator.com)

1 points by vmatsiiako 3d ago 0 comments

Sieve (YC X25) is hiring researchers to build large video datasets for AI labs (sievedata.com)

1 points by mvoodarla 4d ago 0 comments

Activeloop (YC S18) Is Hiring AI Search and Python Back End Engineers(Onsite,MV) (careers.activeloop.ai)

1 points by davidbuniat 5d ago 0 comments

Attimet (YC F24) – Quant Trading Research Lab – Is Hiring Founding Researcher (ycombinator.com)

1 points by kbanothu 8d ago 0 comments

Metriport (YC S22) is hiring engineers to improve healthcare data exchange (ycombinator.com)

1 points by dgoncharov 10d ago 0 comments

Telli (YC F24) Is Hiring Engineers [On-Site Berlin] (hi.telli.com)

1 points by sebselassie 11d ago 0 comments

Continue (YC S23) is hiring software engineers in San Francisco (ycombinator.com)

1 points by sestinj 12d ago 0 comments

UpCodes (YC S17) is hiring a Head of Ops to automate construction compliance (up.codes)

1 points by Old_Thrashbarg 12d ago 0 comments

Enhanced Radar (YC W25) is hiring a founding engineer

1 points by EricButton 12d ago 0 comments

Converge (YC S23) well-capitalized New York startup seeks product developers (runconverge.com)

1 points by thomashlvt 13d ago 0 comments

Kyber (YC W23) Is Hiring Enterprise BDRs (ycombinator.com)

1 points by asontha 13d ago 0 comments

MindsDB (YC W20) is hiring an AI solutions engineer (job-boards.greenhouse.io)

1 points by adam_carrigan 14d ago 0 comments

Recurse Center (YC S10) Is Hiring a Career Facilitator (recurse.notion.site)

1 points by nicholasjbs 14d ago 0 comments

Cua (YC X25) is hiring an engineer (ycombinator.com)

1 points by GreenGames 15d ago 0 comments

Noloco (YC S21) is hiring a founder's associate in Barcelona (ycombinator.com)

1 points by darraghmckay 15d ago 0 comments

14.ai (YC W24) hiring founding engineers in SF to build a Zendesk alternative (14.ai)

1 points by michaelfester 16d ago 0 comments

Lago (Open-Source Usage Based Billing) is hiring for ten roles (ycombinator.com)

1 points by AnhTho_FR 18d ago 0 comments

Spark AI (YC W24) is hiring a full-stack engineer in SF (founding team) (ycombinator.com)

1 points by juliawu 19d ago 0 comments

Bitmovin (YC S15) Is Hiring a Junior Solutions Engineer in Denver (bitmovin.com)

1 points by slederer 19d ago 0 comments

SigNoz (YC W21, Open Source Datadog) Is Hiring DevRel Engineers (Remote)(US) (ycombinator.com)

1 points by pranay01 20d ago 0 comments

AccessOwl (YC S22) is hiring an Elixir Engineer to connect 100s of SaaS (ycombinator.com)

1 points by mathiasn 20d ago 0 comments

FurtherAI (YC W24) Is Hiring for Software and AI Roles (ycombinator.com)

1 points by sgondala_ycapp 21d ago 0 comments

Yarn (YC W24) is hiring engineers in NYC (ycombinator.com)

1 points by jasperstory 21d ago 0 comments

Expand.ai (YC S24) is hiring a founding engineer

1 points by timsuchanek 22d ago 0 comments

Optifye.ai (YC W25) is hiring a back end engineer

1 points by Vivaan_Baid 24d ago 0 comments

Kastle (S24) is hiring an engineer (ycombinator.com)

1 points by rishi443 24d ago 0 comments

North Korean XORIndex malware hidden in 67 malicious NPM packages

30 Bogdanp 8 7/16/2025, 8:23:08 AM bleepingcomputer.com ↗

Comments (8)

bn-l · 21h ago
It’s weird how an npm package can just do all this still, to this day.
Bridged7756 · 14h ago
Given the size of the JavaScript ecosystem, it is indeed baffling how behind npm is. One npm i and a typo away from getting hacked.
cyanydeez · 17h ago
North korea and others are likely going if not already, setup an uno reverso and get applicants to do screening tests that require downloading malicious packages.
owebmaster · 19h ago
I "got" hacked by a North Korean hacker. I was lucky the dumb virus was meant for Mac and Windows, not Linux. It got installed to my computer but attempted to steal credentials in places there did not exist in my computer, but it was a close call.

After that I never used npm again.

hollerith · 10h ago
Do you use apps built on Electron? The npm packages chosen for inclusion in the app are not sandboxed in any way IIUC (at least on Linux that is the case).

Some security people are warning against Electron (at least on Linux):

https://github.com/secureblue/secureblue/issues/193#issuecom...

owebmaster · 10h ago
Yeah. Only Codium (VSCode fork) tho and now that I thought about it, time to stop using it.
braebo · 10h ago
How did you know? Now I’m worried I’ve been hacked a billion times testing npm packages just today.
owebmaster · 10h ago
> How did you know?

A recruiter profile disappeared from my inbox in linkedin after I sent a PR to a github project for a an interview so I got suspicious and checked if there was any unrecognized open connection usng `lsof -nPi | grep ESTABLISHED` and there was one, found the script, read it to see what it did - tried to steal crypto and browser credentials.

To be sure it did not install other stuff I could not find I did a full reinstall of the OS. Now I don't use npm ever again.