Aquasecurity/Trivy GitHub Repository and Homebrew Cask Compromised (again)

https://opensourcemalware.com/repository/https%3A%2F%2Fgithub.com%2Faquasecurity%2Ftrivy%2F
4•mmsc•1h ago

Comments

mmsc•1h ago
The offending commit seems to be: https://github.com/aquasecurity/trivy/commit/1885610c6a34811... which updates the action to `actions/checkout@70379aad1a8b40919ce8b382d3cd7d0315cde1d0 # v6.0.2`. https://github.com/actions/checkout/commit/70379aad1a8b40919... is not actually in `actions/checkout` but a fork, and it pulls malicious code from the typo-squatted "scan.aquasecurtiy.org" (note the _tiy_).

Any system with Trivy 0.69.4 on it (and being run) can be assumed to be compromised.
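A defensive check for the pattern described in the comment above, as an added example that is not part of the thread or of the Trivy project: it compares each SHA-pinned `uses:` line against the tags that `git ls-remote --tags` reports for the upstream repository, which lists only that repository's own refs. The `ls-remote` output, `example-org/example-action` and every SHA except the one quoted in the comment are constructed.

```python
import re

# Matches e.g. "uses: owner/repo@<40-hex sha> # v1.2.3" (SHA pin plus version comment).
USES_RE = re.compile(
    r"uses:\s*(?P<repo>[\w.-]+/[\w.-]+)(?:/[^@\s]+)?"
    r"@(?P<sha>[0-9a-f]{40})\s*#\s*(?P<tag>v\S+)"
)

def parse_ls_remote(text):
    """Map tag name -> commit SHA from `git ls-remote --tags <url>` output."""
    tags = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[1].startswith("refs/tags/"):
            continue
        sha, name = parts[0], parts[1][len("refs/tags/"):]
        if name.endswith("^{}"):      # peeled entry: the commit an annotated tag points at
            tags[name[:-3]] = sha
        else:
            tags.setdefault(name, sha)
    return tags

def audit_pins(workflow_text, upstream_tags):
    """Return (repo, tag, verdict) for each SHA-pinned action with a version comment."""
    findings = []
    for m in USES_RE.finditer(workflow_text):
        known = upstream_tags.get(m["repo"], {})
        if m["tag"] not in known:
            verdict = "tag-not-upstream"
        elif known[m["tag"]] != m["sha"]:
            verdict = "sha-mismatch"   # comment claims a release the SHA does not match
        else:
            verdict = "ok"
        findings.append((m["repo"], m["tag"], verdict))
    return findings

# Constructed sample input: the first SHA is the one quoted in the comment above;
# example-org/example-action, the other SHAs and the ls-remote output are made up.
WORKFLOW = (
    "steps:\n"
    "  - uses: actions/checkout@70379aad1a8b40919ce8b382d3cd7d0315cde1d0 # v6.0.2\n"
    "  - uses: example-org/example-action@" + "1" * 40 + " # v1.2.3\n"
)
LS_REMOTE = {
    "actions/checkout": "a" * 40 + "\trefs/tags/v6.0.2\n",
    "example-org/example-action": "2" * 40 + "\trefs/tags/v1.2.3\n"
                                  + "1" * 40 + "\trefs/tags/v1.2.3^{}\n",
}

if __name__ == "__main__":
    tags = {repo: parse_ls_remote(out) for repo, out in LS_REMOTE.items()}
    for finding in audit_pins(WORKFLOW, tags):
        print(finding)
```

A `sha-mismatch` verdict means the version comment and the pinned commit disagree, so the pin should be reviewed before the workflow runs again.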
