Kim

8.4K posts

@thinkverse

developer fueled by coffee and stickers

Sweden · Joined September 2009
824 Following · 746 Followers
Kim retweeted
Feross @feross ·
🚨 Breaking: Trivy GitHub Actions supply chain attack – 75 out of 76 version tags compromised. If your CI/CD pipelines reference “aquasecurity/trivy-action” by version tag, you’re likely running malware right now.
At Socket, we identified that an attacker force-pushed nearly every version tag in the official aquasecurity/trivy-action repository. That’s @0.0.1 all the way through @0.34.2. Over 10,000 GitHub workflow files reference this action.
The malicious payload runs silently before the legitimate Trivy scan, so nothing looks broken. Meanwhile it’s:
- Dumping runner process memory to extract secrets
- Harvesting SSH keys
- Exfiltrating AWS, GCP, and Azure credentials
- Stealing Kubernetes service account tokens
The only unaffected tag right now appears to be @0.35.0.
Socket independently detected this at 19:15 UTC and generated 182 threat feed entries tied to this campaign – all correctly classified as Backdoor, Infostealer, or Reconnaissance malware.
This is the second Trivy compromise this month. Earlier in March, attackers injected code into the Aqua Trivy VS Code extension on OpenVSX to abuse local AI coding agents.
The compromised tags are still active. Pin to @0.35.0 or use a SHA reference until this is fully remediated.
Full write-up: socket.dev/blog/trivy-und…
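A defensive check for the pinning advice in the post above, added here as an example; it is not code from Socket, Aqua Security or the post's author. The tag range and the 0.35.0 exception come from the post, while the sample workflow and its 40-character SHA are constructed placeholders.

```python
import re

# "uses: owner/repo[/path]@ref" step lines; local (./) and docker:// refs do not match.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?([\w.-]+/[\w.-]+(?:/[\w./-]+)?)@([^\s'\"#]+)", re.M)
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

TRIVY_ACTION = "aquasecurity/trivy-action"
# Tag range taken from the post: 0.0.1 through 0.34.2 reported force-pushed,
# 0.35.0 reported as the only unaffected tag at the time of the post.
FIRST_REPORTED, LAST_REPORTED, UNAFFECTED = (0, 0, 1), (0, 34, 2), (0, 35, 0)


def classify(action, ref):
    """Label one action reference by how it is pinned."""
    if FULL_SHA_RE.fullmatch(ref):
        return "sha-pinned"  # immutable: a force-pushed tag cannot change it
    m = VERSION_RE.fullmatch(ref)
    if action.lower() == TRIVY_ACTION and m:
        version = tuple(int(p) for p in m.groups())
        if version == UNAFFECTED:
            return "trivy-tag-reported-unaffected"
        if FIRST_REPORTED <= version <= LAST_REPORTED:
            return "trivy-tag-reported-compromised"
    return "mutable-ref"  # any other tag or branch can be moved by whoever controls the repo


def audit_workflow(text):
    """Return (line_number, action, ref, label) for every remote `uses:` step."""
    findings = []
    for m in USES_RE.finditer(text):
        line_no = text.count("\n", 0, m.start(1)) + 1
        findings.append((line_no, m.group(1), m.group(2), classify(m.group(1), m.group(2))))
    return findings


# Constructed sample workflow; the SHA below is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@0.28.0
      - uses: aquasecurity/trivy-action@0.35.0
      - name: pinned
        uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print(*finding)
```

Run `audit_workflow` over each file under `.github/workflows/`; anything not labelled `sha-pinned` still resolves through a tag or branch that can be moved.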
Kim retweeted
Tony Lea @tnylea ·
Check this out. A Storybook-style playground for @laravelphp Blade components. It uses Liminal by @aschmelyun to power this with WASM, making it a fully sandboxed Blade component playground for building and testing.
Kim @thinkverse ·
Ooh, seems @PlanetScale is working on something. An announcement is coming in 2 days. 👀
Kim retweeted
Jay Rogers 👨‍💻 @jaydrogers ·
Oh boy, glad I never got around to implementing Trivy yet 😅 🚨 If you use Trivy for container scanning, beware they were compromised in a supply chain attack github.com/aquasecurity/t…
Kim @thinkverse ·
@argyleink It was a good challenge, and you did your best. We couldn't ask for more than that. 🙂
Kim @thinkverse ·
I just escaped the financial system maze in 2m 49s. I'm finally free. Think you can find your way out? yourwayout.game/share
Kim @thinkverse ·
@tryhackme Don't remember when I joined, but it's been over 2 - 3 years, I think, on a 475-day streak at the moment. 🔥
Kim retweeted
TryHackMe @tryhackme ·
7 MILLION & we're not done yet 🚀 Celebrate with us & WIN an EXCLUSIVE THM swag bundle! Drop in the comments when you started on TryHackMe, like & share this post to enter. ✅ BONUS: Tag a friend who should start on TryHackMe. Winners announced Friday 27 March. The next 7 million starts NOW. 💚 👾 Want to be part of the next 7 million? Start here today tryhackme.com/hacktivities?u…
Kim retweeted
Netlify @Netlify ·
If you're shipping AI endpoints, rate limits are not optional. Above 5% 429 errors: too tight. Below 0.1%: too loose. 20 req / 60 sec per IP is a solid baseline. Three lines of Netlify config. Edge-enforced. Here's the full breakdown: netlify.com/blog/how-to-ra…
Kim @thinkverse ·
What’s the point of having "Background Security Improvements" if I still need to restart and install them like any other update? 🤦‍♂️
Kim @thinkverse ·
@syntaxfm Best of luck to everyone. 🙏
Syntax @syntaxfm ·
Airing at 10am EST on YouTube. 8 devs go head to head, only 4 will survive the battle. see you there.
Kim retweeted
KP @thisiskp_ ·
🚨 New Hunt Alert 🚨 Excited to be hunting @Netlify. new on @ProductHunt today and proud to be part of the team that built it!
The wall between “here’s your code” and “here’s your live app” has always been the hard part. Hosting. Auth. Build configuration. Deployment. That’s where momentum dies.
Netlify. new is the prompt-first path that actually ships.
→ Describe what you want and pick your AI agent from our dropdown (Claude, Gemini, or Codex)
→ Get a working app on a live production URL in minutes
→ Iterate in place, no migrating later
→ Real Netlify infrastructure with forms and serverless functions from day one
The builders shipping fastest aren’t setting up more tooling. They’re starting with a prompt.
Would love your support and feedback on the PH page 👇 producthunt.com/products/netli…