I found a malware hiding in my TailwindCSS config file

https://infosecwriteups.com/i-found-north-korean-dprk-malware-hiding-in-my-tailwind-config-js-45af2283742c
8•donohoe•1h ago

Comments

rebane2001•47m ago
this reads like slop
LoganDark•41m ago
Sure does.
entrope•32m ago
It is hard to have much sympathy for someone who complains about seeing a Git commit they never made but presumably clicked "publish" for a blog post that says "a North Korea-aligned group who targets software developers specifically. Not banks. Not hospitals. Devs." Supply chain security is a huge concern nowadays, and JavaScript in config/build-chain files is a sadly long-lived threat vector against a supply chain.
Teknomadix•26m ago
"I want to be honest about something..." This definitely reads like SLOP. It has got all those unmistakable formulations, patterning of certain phrases and lead-in sentences. The signatures of slop.
egypturnash•19m ago
Imagine:

You are a programmer who is all-in on LLM code generation. You get so much written every day! Hundreds of thousands of lines of code, and you barely lifted a finger. But... your LLMs are trained on the entirety of GitHub.

How many repos on there are full of trojans and viruses? How do you know that your super-productive LLM isn't copying those instead of the canonical version of whatever frameworks it's building?

One day you find one. You write a blog post about it. Or, rather, the vague outline of a post. You make an LLM flesh it out, of course. You barely lift a finger.

himata4113•38m ago
I honestly can't even tell if it's real. Like sure everything looks correct, but I just can't shake the feeling that this is just something picked up from reddit and turned into a story.

Either way the prevalence of these is so widespread that you can no longer avoid it by being "smart". Sandbox everything, run vscode in a limited-access box and use the remote development features vscode already has. Run it on another machine if you can.

Use hardware keys (yubikey, token2). Use socket-based authentication. It's hard and a worse dx experience, but there really isn't any other way unless you never touch public libraries or don't use vscode. At bare minimum use a simple jail such as bwrap to strip access to most of the sensitive credentials and limit persistent access.

--

This is probably a hallucinated story based on a real incident. (another post by same author: https://medium.com/bean-bag-scientist/report-01-running-a-fu...)
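
The "simple jail such as bwrap" suggested in the comment above, as an added example that is not part of the thread: a POSIX shell wrapper that hides `$HOME` and agent sockets and leaves only the project directory writable. It assumes bubblewrap is installed; the function names `jail_args` and `run_jailed` and the mount layout are hypothetical choices made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and layout are assumptions.

# Print bwrap options, one per line, for an absolute project directory.
# Refuses $HOME or any ancestor of it: the read-write bind would re-expose
# everything the tmpfs over $HOME is meant to hide.
jail_args() {
    project=${1%/}
    case "$project" in
        /*) ;;
        *) echo "refusing: '$1' is not a usable absolute path" >&2; return 1 ;;
    esac
    case "$HOME/" in
        "$project/"*) echo "refusing: '$1' contains \$HOME" >&2; return 1 ;;
    esac
    # Whole filesystem read-only: nothing outside the project can be modified.
    printf '%s\n' --ro-bind / / --dev /dev --proc /proc
    # Empty tmpfs over $HOME and /tmp: ~/.ssh, ~/.aws, ~/.npmrc and shell rc
    # files are not visible, and anything written there dies with the jail.
    printf '%s\n' --tmpfs "$HOME" --tmpfs /tmp
    # Agent and keyring sockets usually live under /run/user on systemd hosts.
    if [ -d /run/user ]; then printf '%s\n' --tmpfs /run/user; fi
    # Only the project is writable; it must come after the tmpfs over $HOME.
    printf '%s\n' --bind "$project" "$project" --chdir "$project"
    # Fresh namespaces (network kept for package installs), no agent variables.
    printf '%s\n' --unshare-all --share-net --die-with-parent --new-session \
        --unsetenv SSH_AUTH_SOCK --unsetenv GPG_AGENT_INFO
}

# Usage: run_jailed /abs/project command [args...]
run_jailed() {
    opts=$(jail_args "$1") || return 1
    shift
    old_ifs=$IFS
    IFS='
'
    set -f                  # split the option list on newlines only, no globbing
    set -- $opts "$@"
    set +f
    IFS=$old_ifs
    exec bwrap "$@"
}

if [ "$#" -ge 2 ]; then run_jailed "$@"; fi
```

Secrets stored inside the project itself (a checked-in `.env` or project-level `.npmrc`) remain readable in the jail, because the project bind exposes them.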
