Security professionals sharing intelligence on malicious packages, repositories, and CDNs to protect the open source ecosystem. Browse verified threats and report malware.

Hacker News is a community-driven platform for sharing and discussing technology news, startups, and programming-related topics. Through user submissions and comments, Hacker News offers insights into emerging technology trends, industry developments, and entrepreneurial ventures. Readers can participate in discussions, share their insights, and stay informed about the latest advancements in technology and innovation.

Hacker News

A coordinated malware campaign distributed 14 malicious AI assistant skills through ClawHub and GitHub, targeting cryptocurrency users. The skills masqueraded as trading automation tools but delivered information-stealing malware to macOS and Windows systems. Using social engineering tactics, attackers convinced users to execute commands that installed NovaStealer-variant malware, stealing crypto exchange API keys, wallet credentials, SSH keys, and browser passwords. All malicious skills shared the same command-and-control infrastructure (91.92.242.30) and exploited the lack of security review in the skills publication process.

ClawdBot Skills Just Ganked Your Crypto