Ars Technica NewsMar 13
Supply-chain attack using invisible code hits GitHub and other repositories https://arstechni.ca/LKbk #supplychainattacks #publicuseareas #Security #Unicode #Biz&IT
Supply-chain attack using invisible code hits GitHub and other repositories

Unicode that's invisible to the human eye was largely abandoned—until attackers took notice.

Ars Technica
Marko JahnkeMar 12

Es gibt beim Einsatz einer weitreichenden #HomeAutomation schwere nicht zu vernachlässigende #Sicherheitsrisiken, nicht
nur durch Einsatz von #agenticAI.

Der Ersteller dieses Threads hat völlig recht.

Aber auch durch die vielen Integrationen und Plugins (z.T. auch externe über diverse Repos) ergibt sich ein erhebliches Verwundbarkeitspotential.

https://community.simon42.com/t/warnung-niemals-einer-ki-zugriff-auf-euren-ha-gewaehren-eine-ki-auf-euren-ha-lassen/80847

#InfoSec #SupplyChainAttacks

Warnung! Niemals einer KI Zugriff auf euren HA gewähren // eine KI auf euren HA lassen

Ich habe in einem Beitrag hier im Forum auf ein Thema geantwortet in dem ein User erklärt hat, dass er Claude auf seinen Home Assistant alles erledigen lässt. Er hat Claude den Zugriff gewährt.. Da dieses Thema wirklich kritisch ist, meine Integration(en) lokale KI nutzen möchte ich auch euch für das Thema sensibilisieren und erklären, warum die vermutlich be*** Idee überhaupt und seit der Geburt der Menschheit ist, eine KI auf den HA zu lassen! Ich bitte euch das unter keinen Umständen zu erm...

simon42 Community
synlogic4242Feb 10

Template for AI startup:

* pitch trivial features anyone with a brain can do and has in fact been doing just fine for decades now, thanks

* requires giving them read/copy/exfiltrate rights to your critical PII, secrets, I.P. and source code (ideally also "security scan" the latter and "patch" commit to the latter) and/or full access to your Google accounts, AWS, etc -- but you can TOTALLY trust them, bro

* have names of 1 to 4 young Russian/Chinese/Indian males associated with it in GitHub (assuming you can even find names). oh and Anthropic Claude as a "co-commiter" or LLM du jour. though they TOTALLY WROTE ALL OF IT THEMSELVES, BRO!

good luck, kids

#AI
#LLM
#Claude
#supplychainattacks
#cybersecurity

Ars Technica NewsFeb 2
Notepad++ users take note: It's time to check if you're hacked https://arstechni.ca/6Vb8 #Opensourcesoftware #supplychainattacks #Security #notepad #Biz&IT
Notepad++ users take note: It's time to check if you're hacked

Suspected China-state hackers used update infrastructure to deliver backdoored version.

Ars Technica
Ars Technica NewsDec 31
Supply chains, AI, and the cloud: The biggest failures (and one success) of 2025 https://arstechni.ca/g8eH #supplychainattacks #signalmessenger #2025yearend #Security #Biz&IT #Apple #cloud #AI
Supply chains, AI, and the cloud: The biggest failures (and one success) of 2025

The past year has seen plenty of hacks and outages. Here are the ones topping the list.

Ars Technica
Rene RobichaudDec 12

Supply Chain Attacks Targeting GitHub Actions Increased in 2025
https://www.darkreading.com/application-security/supply-chain-attacks-targeting-github-actions-increased-in-2025

#Infosec #Security #Cybersecurity #CeptBiro #SupplyChainAttacks #GitHubActions

Show threadFiona  Nov 28
So Senna just told me about the most recent attack on #NPM.

I swear I wrote the above post independent of that! The problem ist just so pervasive that you keep running into it.

#supplychainattacks
Pluralistic: Daily links from Cory Doctorow – No trackers, no ads. Black type, white background. Privacy policy: we don't collect or retain any data at all ever period.Nov 26

Pluralistic: O(N^2) nationalism (26 Nov 2025)

https://fed.brid.gy/r/https://pluralistic.net/2025/11/26/difficult-multipolarism/

Pluralistic: O(N^2) nationalism (26 Nov 2025) – Pluralistic: Daily links from Cory Doctorow

ml4denSep 12, 2025

Supply chain attacks reached unprecedented scale this week, affecting billions of users through compromised development tools and package repositories.

#cybersecurity #supplychainattacks #artificialintelligence #malware #hacking

https://cybernewsweekly.substack.com/p/cybersecurity-news-review-week-37

Cybersecurity News Review - Week 37 (2025)

Supply chain attacks reached unprecedented scale this week, affecting billions of users through compromised development tools and package repositories.

Cybersecurity News Weekly
Ars Technica NewsSep 9, 2025
Software packages with more than 2 billion weekly downloads hit in supply-chain attack https://arstechni.ca/PHyN #supplychainattacks #supplychain #opensource #Security #Biz&IT #npm
Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Incident hitting npm users is likely the biggest supply-chain attack ever.

Ars Technica