#Tag
Novo ciberataque “Shai-Hulud” propaga-se como um verme e compromete 187 pacotes npm
🔗 https://tugatech.com.pt/t71903-novo-ciberataque-shai-hulud-propaga-se-como-um-verme-e-compromete-187-pacotes-npm
#API #ataque #cascata #CD #CI #ciberataque #Github #google #javascript #linkedin #malware #npm #phishing #riscos #segurança #servidor #software
Novo ciberataque “Shai-Hulud” propaga-se como um verme e compromete 187 pacotes npm
🔗 https://tugatech.com.pt/t71903-novo-ciberataque-shai-hulud-propaga-se-como-um-verme-e-compromete-187-pacotes-npm
#API #ataque #cascata #CD #CI #ciberataque #Github #google #javascript #linkedin #malware #npm #phishing #riscos #segurança #servidor #software
Either way, I had cases of vandalism and harrassment and #Github nit only dwalt wih them quickly but has working tools to ban offending accounts quickly.
Recently we've been thinking about how we share code (and other design files) for our #OpenSource projects and products.
@span amcewen has written about the flaws in centralized options like Github and Gitlab, and why self-hosting isn't the answer.
Maybe we need some #CodeCommons?
https://mcqn.com/posts/code,-sharing-and-single-points-of-failure/
There is an on-going malware attack targeting users of GitHub Desktop by buying ads on search engines that link to a committed Readme files on the GitHub Desktop repo with links to malicious versions of the app. This attack is on-going. I just found another attempt from a few days ago.
I found an Ad of the same kind on Duck Duck Go, so it's not just Google.
The details of the attack are described in detail in this article.
Recently we've been thinking about how we share code (and other design files) for our #OpenSource projects and products.
@span amcewen has written about the flaws in centralized options like Github and Gitlab, and why self-hosting isn't the answer.
Maybe we need some #CodeCommons?
https://mcqn.com/posts/code,-sharing-and-single-points-of-failure/
There is an on-going malware attack targeting users of GitHub Desktop by buying ads on search engines that link to a committed Readme files on the GitHub Desktop repo with links to malicious versions of the app. This attack is on-going. I just found another attempt from a few days ago.
I found an Ad of the same kind on Duck Duck Go, so it's not just Google.
The details of the attack are described in detail in this article.
Me:
> Now GritHub won't let me see the text in a text file without running their proprietary JavaScript,
@span Suiseiseki
> If you add ?raw=true to the URL - sometimes github will actually send you the file
Great tip!
(1/2)
FFS. Now GritHub won't let me see the text in a text file without running their proprietary JavaScript, eg;
https://github.com/MariaDB/server/blob/main/COPYING
(Using LibreFox on Fedora GNU/Linux)
Why is any Open Source project still using this rapidly enshittifying monstrosity? There are dozens of community-hosted replacements, and if you have the skills or support from someone who does, you've even got the option of hosting your own;
https://wiki.p2pfoundation.net/List_of_Community-Hosted_Code_Forge_Instances
FFS. Now GritHub won't let me see the text in a text file without running their proprietary JavaScript, eg;
https://github.com/MariaDB/server/blob/main/COPYING
(Using LibreFox on Fedora GNU/Linux)
Why is any Open Source project still using this rapidly enshittifying monstrosity? There are dozens of community-hosted replacements, and if you have the skills or support from someone who does, you've even got the option of hosting your own;
https://wiki.p2pfoundation.net/List_of_Community-Hosted_Code_Forge_Instances
Looking to leave GitHub?
Try Codeberg — it's Git, but based in Germany (Europe), without all of Microsoft's nonsense. They're also on the Fediverse: @Codeberg.
But wait — it gets better!
Codeberg is open source, and you can even host your own instance. The software is called Forgejo, built by the same folks behind Codeberg, and they're on the Fediverse too: @forgejo.
#GitHub#GitLab#Git#FOSS#OpenSource#DigitalSovereignty#Microsoft
Looking to leave GitHub?
Try Codeberg — it's Git, but based in Germany (Europe), without all of Microsoft's nonsense. They're also on the Fediverse: @Codeberg.
But wait — it gets better!
Codeberg is open source, and you can even host your own instance. The software is called Forgejo, built by the same folks behind Codeberg, and they're on the Fediverse too: @forgejo.
#GitHub#GitLab#Git#FOSS#OpenSource#DigitalSovereignty#Microsoft
Hey #rust community, crazy idea:
A crate registry without #Microsoft as a gatekeeper.
If I started one, would you publish your library there?
What should I name it?
Background:
you can't publish on crates.io without #Github account = #microsoft's permission.
https://github.com/rust-lang/crates.io/issues/326
As we all know, Microsoft has a history of supporting #Linux and we should trust them.
https://www.theregister.com/2001/06/02/ballmer_linux_is_a_cancer/
pffft lol. Just no.
📣 È uscito il nuovo episodio della #newsletter NINAsec!
🗞️ Due exploit analizzati: #AI prompt injection e #Github PR abuse
... ma anche breve recap della settimana cyber
https://ninasec.substack.com/p/security-weekly-ai-prompt-injection
📣 È uscito il nuovo episodio della #newsletter NINAsec!
🗞️ Due exploit analizzati: #AI prompt injection e #Github PR abuse
... ma anche breve recap della settimana cyber
https://ninasec.substack.com/p/security-weekly-ai-prompt-injection
A space for Bonfire maintainers and contributors to communicate