HN
Paper
All
Show
Ask
Jobs
Top
Today
Last 7 days
Last months
This year
Statistics
All
Show
Ask
Jobs
Top stories
Today
Last 7 days
Last months
This year
Statistics
Stories by
varunsharma07
Ongoing NPM supply chain attack uses binding.gyp to spread like a worm
6 points
varunsharma07
2026-06-04T04:18:43Z
github.com
Laravel-Lang Supply Chain Attack
3 points
varunsharma07
2026-05-23T01:04:53Z
github.com
NX VS Code extension compromised again
4 points
varunsharma07
2026-05-18T20:47:07Z
github.com
Actions-cool/issues-helper GitHub Action Compromised
3 points
varunsharma07
2026-05-18T20:46:08Z
github.com
Malicious node-IPC Versions Published to NPM
6 points
varunsharma07
2026-05-14T16:29:45Z
github.com
Postmortem: TanStack NPM supply-chain compromise
1094 points
varunsharma07
2026-05-11T21:08:25Z
tanstack.com
Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push
5 points
varunsharma07
2026-03-14T16:39:35Z
www.stepsecurity.io
Show HN: Scan your dev machine for AI agents, MCP servers, and IDE extensions
9 points
varunsharma07
2026-03-12T18:55:52Z
github.com
Xygeni/xygeni-action GitHub Action is compromised – poisoned tag is still live
2 points
varunsharma07
2026-03-09T22:32:57Z
www.stepsecurity.io
Hackerbot-Claw: AI Bot Exploiting GitHub Actions – Microsoft, Datadog Hit So Far
27 points
varunsharma07
2026-03-01T09:22:56Z
www.stepsecurity.io
GitHub Actions is left vulnerable to supply chain attacks: Datadog Report
4 points
varunsharma07
2026-02-26T18:30:34Z
www.datadoghq.com
Cline Supply Chain Attack: Cline 2.3.0 Silently Installs OpenClaw
12 points
varunsharma07
2026-02-18T10:14:38Z
www.stepsecurity.io
Harden Runner Detected the SHA1-Hulud Supply Chain Attack in CNCF's Backstage
1 points
varunsharma07
2025-12-03T19:55:20Z
www.stepsecurity.io
Popular Nx Build System NPM Package Compromised with Data Stealing Malware
10 points
varunsharma07
2025-08-27T03:19:30Z
www.stepsecurity.io
Suspicious Tag Change in AWS's GitHub Action: What Happened and Why It Matters
3 points
varunsharma07
2025-08-14T17:31:04Z
www.stepsecurity.io
Num2words PyPI Package Compromised
22 points
varunsharma07
2025-07-28T16:55:21Z
www.stepsecurity.io
eslint-config-prettier npm package compromised
72 points
varunsharma07
2025-07-18T20:55:23Z
www.stepsecurity.io
Grafana GitHub Actions Security Incident
10 points
varunsharma07
2025-04-28T01:02:29Z
www.stepsecurity.io
Tj-actions/changed-files GitHub Action Compromised – used by over 23K repos
269 points
varunsharma07
2025-03-14T22:29:46Z
www.stepsecurity.io
CI/CD supply chain attack on Azure Karpenter Provider open-source project
3 points
varunsharma07
2024-11-25T20:29:01Z
www.stepsecurity.io
1