frontpage.

Shai-Hulud 2.0 emerged in November 2025, compromising 738 npm packages and affecting 25,000+ repositories. This is an evolution of the September 2025 attack with new attack vectors:

- Uses `preinstall` hooks (executes earlier than `postinstall`) - Creates malicious GitHub workflows with self-hosted runners - Attempts Docker privilege escalation - Targets multi-cloud credentials

OreNPMGuard v2.0.0 detects both the original and 2.0 variants, scanning for: - 1,291 unique compromised package@version combinations - Malicious hooks, payload files, GitHub workflows - Docker privilege escalation patterns - All known IoCs

Available in Python and Node.js, with GitHub Actions integration.

GitHub: https://github.com/rapticore/OreNPMGuard Threat research: https://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attack

If you've installed any affected packages, rotate your credentials immediately.

Hollywood's dark era: where did all the colour from movies go?

Xleak – terminal Excel viewer with an interactive TUI

Those who fly too close to the SUN (Microsystems) eventually get burned

Show HN: I built an O(N) AI using an Agent Swarm. Asking for audit

The Bitter Lesson of LLM Extensions

Lower LDL cholesterol linked to higher type 2 diabetes risk indep. of statin use

TSMC Arizona Outage Saw Fab Halt, Apple Wafers Scrapped

Valve coder confirms the Steam Machine will be priced like a PC

Powerset's natural language search system (2012)

Blue Origin to Build a "Super Heavy" Rocket to Compete with Starship

Mind-reading devices can now predict preconscious thoughts: is it time to worry?

Installing Java in 2025, and Version Managers

Companies are crafting new ways to grow cocoa and chocolate alternatives (2024)

What's Like to Be an AI/ML Engineer

Run Local Speech-to-Text Transcription

Protecting Data-in-Use in the Cloud: A Pragmatic Philosophy

Enumerating Three Billion Accounts on WhatsApp [pdf]

Building CallSpark (browser based VoIP): what I learned and what caused pain

Kennedy sharpens vaccine attacks, without scientific backing

Show HN: Prismle – From Query to Candidates in One Human Sentence

Nancy Pelosi posted up a staggering 16,930% return, beat the market by 581%

Whole-body Learning in Creating Mathematical/Architectural Structures [pdf]

Vikings. Vikings Everywhere

"Eye" evolving from the Bronze Age to today [video]

Lower cooling costs with deployment of quantum computers in the stratosphere

Americans are holding onto devices longer than ever and it's costing the economy

Micropackages and Open Source Trust Scaling (2016)

We deleted our Dockerfiles: a better, faster way to build container images

Gemini 3 beaks OpenAI's long-standing lead in SRE tasks

First New Malaria Drug in Years Performs Strongly in Late-Stage Testing

OreNPMGuard v2.0.0 – OSS for Shai-Hulud 2.0 NPM supply chain attack