at://
/
app.bsky.feed.post
/
3m6foer3vsk2z
sign in
All
4
Record
2
Post
1
PostEmbed
1
Post
by @danabra.mov
PostEmbed
by @danabra.mov
Record
by @jimpick.com
Record
by @atsui.org
+ new component
Post
Source: thehackernews.com/2025/11/seco...
6mo
thehackernews.com
Security vendors warn Sha1-Hulud has hijacked 25,000+ GitHub repos via npm packages, stealing cloud credentials or wiping dev home directories.
Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft
Piotrek Koszuliński
