Attempts to post the latest Trivy security incident have been marked [dead]

https://news.ycombinator.com/from?site=github.com%2Faquasecurity
19•JoshuaDavid•1h ago

Comments

JoshuaDavid•1h ago
Trivy (a very widely-used security scanner) was recently compromised. Anyone who installed the aquasecurity/trivy-action dependency by tag rather than by sha during a 3 hour period on March 19 was likely compromised. There is a GitHub security advisory at https://github.com/aquasecurity/trivy/security/advisories/GH...

6 separate people have tried to submit this to HN. All of the submissions are marked as [dead]. I am unsure whether this is a malicious action taken by the actors who compromised trivy or whether it's just the result of prior spam under github.com/aquasecurity, but regardless it is probably not ideal for security advisories to be auto-marked as [dead].

mtmail•1h ago
Looks like the repository URL has been marked [dead] for several years; I can't tell why. Best to email the moderators (link in footer).

Big security stories often get republished, one might say reviewed and filtered. For this story I see

opensourcemalware.com - https://news.ycombinator.com/item?id=47449498

stepsecurity.io - https://news.ycombinator.com/item?id=47451081

arstechnica.com - https://news.ycombinator.com/item?id=47464996

and 4 others.

kay_o•1h ago
Looking at https://news.ycombinator.com/from?site=github.com/aquasecuri... around 2024, when the [dead] marks started, a spambot ring was repeatedly posting it?

esafak•3m ago
Remember to use a cooldown with your dependency updater!

Creating Prediction Markets with Tarek Mansour and Luana Lopes Lara

https://cheekypint.substack.com/p/creating-prediction-markets-and-suing
1•hhs•2m ago•0 comments

In this economy? Sydney In Me has created a free tool using free services

https://taplink.cc/sydneyinme
1•iiviivix•5m ago•1 comments

Looking at Unity made me understand the point of C++ coroutines

https://mropert.github.io/2026/03/20/unity_cpp_coroutines/
1•ingve•9m ago•0 comments

Inside the AI labs training China's humanoid robots

https://www.ft.com/content/85bca5c7-f64b-4011-bc7c-9ce3254a2b78
2•hhs•12m ago•0 comments

WikiWikiWiki

https://github.com/minguhong/WikiWikiWiki
2•cookingoils•14m ago•0 comments

AI systems are more similar to indent(1), than to the human process

https://marc.info/?l=openbsd-tech&m=177411863202734&w=2
2•longislandguido•24m ago•1 comments

I built a FIX protocol engine in Rust that's 4.5x faster than QuickFIX/J

https://github.com/matthart1983/velocitas-fix-engine
1•matthart1983•24m ago•0 comments

Hardware-level signals: Fiction is smoother than truth

https://www.orsonai.com/publications/tes1-pre-generative-epistemic-signal.html
1•JakubCwi•27m ago•0 comments

Management Craft

https://www.managementcraft.co/
1•handfuloflight•27m ago•0 comments

AI for Particle Physics: Searching for Anomalies

https://spectrum.ieee.org/particle-physics-ai
1•rbanffy•31m ago•0 comments

Martial Arts Robots

https://www.youtube.com/watch?v=UTq2o7RQs0A
1•M4v3R•31m ago•0 comments

AI Chatbots Keep Encouraging Violence. That's by Design

https://weaponizedspaces.substack.com/p/ai-chatbots-keep-encouraging-violence
2•rbanffy•33m ago•0 comments

How are you so sure this is not just another winter

3•shoman3003•33m ago•1 comments

Ask HN: Latitude.sh / datapacket.com for bare metal servers?

1•truetraveller•35m ago•0 comments

PyTorch Init Functions Explained Visually [video]

https://www.youtube.com/shorts/pp6jV-sd_a0
1•0bytematt•37m ago•0 comments

Show HN: Cycle – inverse-Pomodoro for macOS that nags you to rest

https://github.com/saint-angels/CYCLE
1•saint_angels•38m ago•0 comments

George R. R. Martin Is "Not in the Mood" to Finish the Winds of Winter

https://www.esquire.com/entertainment/books/a64917333/george-rr-martin-the-winds-of-winter-update...
1•randycupertino•40m ago•2 comments

Yeah: LLM-powered yes/no CLI tool

https://github.com/crawshaw/yeah
4•super_linear•42m ago•0 comments

Fun with CSF firmware (RK3588 GPU firmware)

https://icecream95.gitlab.io/fun-with-csf-firmware.html
2•M95D•45m ago•0 comments

Terminal-based telemetry plugin for Claude Code

https://hook-hero-web.vercel.app
2•happinesszhang•46m ago•1 comments

Manufacturing Legitimacy in the AI era ($8M fraud)

https://om.co/2026/03/21/manufacturing-legitimacy-in-the-ai-era/
2•rmason•46m ago•0 comments

Show HN: Signet-eval offers deterministic policy enforcement for Claude Code

https://jmcentire.github.io/signet-eval/
1•jmcentire2025•47m ago•0 comments

Show HN: Pi and Ghostty Running on Cloudflare Workers

https://github.com/qaml-ai/pi-worker/tree/main/examples/terminal-agent
1•vercantez•49m ago•0 comments

Acme device attestation, smallstep and pkcs11: attezt

https://linderud.dev/blog/acme-device-attestation-smallstep-and-pkcs11-attezt/
1•Foxboron•50m ago•0 comments

AI wants your soul. I just want your long link

https://tiras.pro
1•hp2090•59m ago•0 comments

Death of the IDE?

https://addyo.substack.com/p/death-of-the-ide
6•ingve•1h ago•2 comments

Halide co-founder is suing former partner for bringing source code to Apple

https://www.theverge.com/business/898687/halide-lawsuit-co-founder-apple
2•rorylawless•1h ago•0 comments

Show HN: Context.dev – One API to scrape, enrich, and understand the web

https://www.context.dev
2•ICodeSometimes•1h ago•0 comments

Aunt got scammed and sent $50k+

https://veritrue.ai/
3•cheroll•1h ago•1 comments

I made this app 'Mind Influence Lab' for experimenting consciousness hypothesis

1•Wickeddarko•1h ago•0 comments