Supply Chain Attack Targeting Linux and Mac

Comments (3)

hm-nah · 11h ago

I got smooched by this mofo. Got an email from GitHub Sec saying a repo in my own account was deleted because of a known vuln.

My NX Console EXTENSION in VS Code was updated after the supply chain attack was initialized by the malicious actor.

The symptom, besides the email from GitSec, was all my terminals initialized prompted for sudo pw, because ~/.bashrc had sudo shutdown appended.

hm-nah · 11h ago

The Kaspersky article says the hackers were focused on crypto wallets, env vars, and ssh keys, but what about .azure/cache-tokens.json, .aws/creds, .gcp/creds, etc.?

palmfacehn · 9h ago

And the worst toolchain+ecosystem award goes to...

Cracks in the Earth Are Slicing Through Cities (scientificamerican.com)

NASA's Webb Telescope just found 300 galaxies that defy explanation (sciencedaily.com)

Curated list of 500 AI Agents and their use cases across industries (github.com)

OpenAI to take cut of ChatGPT shopping sales in hunt for revenues (ft.com)

No Clicks, No Content: The Unsustainable Future of AI Search (bradt.ca)

Ask HN: Would this idea combat the population decline problem in many countries?

Show HN: Vedic astrology powered by LLM and astronomical data (hellopandit.in)

Observations of Thwaites Glacier consistent with high rates of loss next 50 yrs (essopenarchive.org)

AI and Games

Jujutsu for Everyone (jj-for-everyone.github.io)

Can Vitamin D supplements slow aging, as a recent study suggests? (medicalxpress.com)

Show HN: I built a web UI for Gemini 2.5 Flash to solve AI image consistency (flash-image.art)

Building a Culture of Focus in a Distracted World (rishigoomar.com)

FDA official demands removal of YouTube videos of himself criticizing vaccines (theguardian.com)

Scientists Directly Measure 0-Point Motion That Can't Be Explained Classically (thedebrief.org)

Why scientists are flocking to Substack (nature.com)

AI Agents and the Future of Grocery Delivery (platformaeronaut.com)

Show HN: Berlin Swapfest #3 – 30 years of C-base edition (swapfest.berlin)

Is It a Good Idea to Have a Best Friend at Work? (medium.com)

Next.js Is Infuriating (blog.meca.sh)

U.S. Startup Plans to Beam Sunlight Using Space Mirrors (orbitaltoday.com)

Anyone using Jolla C2? How is it? (commerce.jolla.com)

Show HN: A Simple Demonstration of PassKeys in iOS (littlegreenviper.com)

Model Letter Sent to Tech Companies from Chairman Ferguson [pdf] (ftc.gov)

Older developers are down with the vibe coding vibe (theregister.com)

3D-printed smart materials boost tactile sensor performance in wearable devices (techxplore.com)

Data Centers May House AI–But Operators Don't Trust AI (Yet) (spectrum.ieee.org)

Cline and LM Studio: the local coding stack with Qwen3 Coder 30B (cline.bot)

Historians See Autocratic Playbook in Trump's Attacks on Science (nytimes.com)

Typechecking is undecidable when 'type' is a type (dspace.mit.edu)

Replacing a Cache Service with a Database (avi.im)

A failed experiment in laptop cooling (kevinboone.me)

Daniel Jackson on WYSIWID: Rethinking software structure to enable LLM coding (essenceofsoftware.com)

Chaotic Food: The Attraction of the Standard American Diet (exfatloss.com)

The man behind OpenAI's global expansion and its effort to win the enterprise (cnbc.com)

How I Manage My Dotfiles (jvt.me)

Ollama Feature Parity for ACP (github.com)

Contributing a verse: when users become docs authors (passo.uno)

Does Work-Life Balance Make You Mediocre? (calnewport.com)

Chatbots Can Go into a Delusional Spiral (nytimes.com)

Turn off Cursor, turn on your mind (allvpv.substack.com)

Navy Fighter Pilots Need to Gain Trust in Pilotless Wingmen by Flying with Them (twz.com)

Stocks for the Long Run: 327 Years of British Equity History (2019) (finaeon.com)

Show HN: GitTalk – DMs and realtime PR/Issue chat inside GitHub (github.com)

Sycamore Partners finishes deal to take drugstore chain Walgreens private (apnews.com)

Show HN: gh-personality – analyze GitHub activity into a personality (with demo) (github.com)

Nyxstone: An LLVM-based (Dis)assembly Framework (emproof.com)

A Philosophy of Software Design vs. Clean Code (github.com)

Hackers are now hiding malware in the images served up by LLMs (techradar.com)

OEmbed (oembed.com)

Supply Chain Attack Targeting Linux and Mac

Comments (3)