GitHub Attack – branches sending secrets to webhook

11•danieldspx•4mo ago
A lot of repos are under attack where branches are being created under the name [REDACTED] to trigger GH actions and send all secrets to a webhook website. This is new and here is an example:

[REDACTED]

Just search on GitHub and you will see plenty of repos.

Comments

danieldspx•4mo ago
I redacted the names to avoid spreading and teaching people how to get other people's secrets. I am in contact with GitHub and will update here once they solve the issue.
danieldspx•4mo ago
Redacted names are shai-hulud, everybody knows by now haha
patbuchanan•4mo ago
We got hit. Cleaned up but still trying to find the origin. Assuming a VS Code plugin at this point that must have been poisoned. Have you found anything?

You can see if your account is leaking by searching for any branches of that [REDACTED] name:

    # Check every repo in the account for a branch with the redacted name
    for repo in $(gh repo list YOUR_ACCOUNT --json name -q '.[].name'); do
      if gh api "repos/YOUR_ACCOUNT/$repo/branches/REDACTED" &>/dev/null; then
        echo " Found 'REDACTED' in: $repo"
      fi
    done
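
An added example, not part of the thread: the branch lookup above misses repos where the branch has already been deleted, so this sketch also asks the Actions run history whether any workflow executed on that branch. It assumes an authenticated `gh` CLI; `gh_json`, `triage`, `scan_account`, the status labels and the sample data are names constructed for this illustration, and the branch name stays a placeholder as on the page.

```python
import json
import subprocess
import sys

SUSPECT = "REDACTED"  # placeholder: the page redacts the branch name


def gh_json(*args):
    """Run the gh CLI; return (succeeded, parsed JSON or None)."""
    p = subprocess.run(["gh", *args], capture_output=True, text=True)
    try:
        return p.returncode == 0, json.loads(p.stdout)
    except json.JSONDecodeError:
        return False, None


def triage(repo, branch_exists, runs_response, suspect=SUSPECT):
    """Classify a repo from the branch lookup and the 'list workflow runs' JSON."""
    hits = [r for r in (runs_response or {}).get("workflow_runs", [])
            if r.get("head_branch") == suspect]
    if hits:
        status = "RUNS_ON_BRANCH"  # a workflow executed: treat repo secrets as exposed
    elif branch_exists:
        status = "BRANCH_ONLY"     # branch present, no run in the returned history
    else:
        status = "NO_FINDING"
    return {"repo": repo, "status": status,
            "runs": [(r["id"], r["event"], r["created_at"]) for r in hits]}


def scan_account(account, suspect=SUSPECT):
    """Check every repo of `account`: branch lookup plus run history for it."""
    _, repos = gh_json("repo", "list", account, "--json", "name", "--limit", "1000")
    results = []
    for repo in (r["name"] for r in repos or []):
        base = f"repos/{account}/{repo}"
        exists, _ = gh_json("api", f"{base}/branches/{suspect}")
        ok, runs = gh_json("api", f"{base}/actions/runs?branch={suspect}&per_page=100")
        results.append(triage(repo, exists, runs if ok else {}, suspect))
    return results


# Constructed sample in the shape of GET /repos/{owner}/{repo}/actions/runs
SAMPLE_RUNS = {"total_count": 1, "workflow_runs": [
    {"id": 101, "event": "push", "head_branch": SUSPECT,
     "created_at": "2025-01-01T00:00:00Z"}]}

if __name__ == "__main__":
    for row in scan_account(sys.argv[1]):
        if row["status"] != "NO_FINDING":
            print(row)
```

Repos reported as `RUNS_ON_BRANCH` are the ones where secret rotation comes first, since a workflow actually ran with access to them.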