Bleeping Computer

Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys. The attack was discovered by ...
Bleeping Computer

AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account tokens and repository secrets leaked. According to a post-incident ...
Hackaday

Arduino Hacks

[WhiskeyTangoHotel] wrote in with his newest clock build — and he did warn us that it was minimalist and maybe less than useful. Indeed, it is nothing more than a super-cheap ESP32-C3 breakout board ...
GitHub

npm debug, color-convert, backslash, error-ex, simple-swizzle, is-arrayish, color-name, color-string have incorrect wildcard version in their malware advisory (2025-09-08)

color-convert 3.1.1 https://github.com/Qix-/color-convert/issues/121 GHSA-ch7m-m9rf-8gvv backslash 0.2.1 https://github.com/Qix-/node-backslash/issues/5 GHSA-m2xf ...
GitHub

WorldVLA: Towards Autoregressive Action World Model

WorldVLA is an autoregressive action world model that unifies action and image understanding and generation. WorldVLA intergrates Vision-Language-Action (VLA) model (action model) and world model in ...
Hackaday

FLOSS Weekly Episode 848: Open The Podbay Doors, Siri

This week Jonathan and Rob chat with Paulus Schoutsen about Home Assistant, ESPHome, and Music Assistant, all under the umbrella of the Open Home Foundation. Watch to see Paulus convince Rob and ...