| ▲ | QuantumNomad_ an hour ago | |||||||
Typo in title. Current title of HN post says: > SHA1-Hulud the Second Comming – Postman, Zapier, PostHog All Compromised via NPM Should be Shai-Hulud, not SHA1-Hulud. | ||||||||
| ▲ | adzm an hour ago | parent | next [-] | |||||||
That said, the secrets are uploaded to a repo named `Sha1-Hulud: The Second Coming` | ||||||||
| ||||||||
| ▲ | pezezin an hour ago | parent | prev | next [-] | |||||||
The worm itself is posting the secrets in Github with the name Sha1-hulud: https://github.com/search?q=sha1-hulud&type=repositories | ||||||||
| ▲ | zahlman an hour ago | parent | prev [-] | |||||||
I don't know why you were downvoted. The actual page does not say SHA1, the attack as far as I know is not related to the SHA1 algorithm, and the name of the worm isn't intended as that sort of pun. | ||||||||