dmv.community is one of the many independent Mastodon servers you can use to participate in the fediverse.
A small regional Mastodon instance for those in the DC, Maryland, and Virginia areas. Local news, commentary, and conversation.

Administered by:

Server stats:

163
active users

#github

68 posts61 participants7 posts today

#helix vs #neovim. spot the differences!

the main one isn't really visible, though: helix has a built-in #treesitter, and it does a great job at highlighting #rust out of the box, with zero configuration and dependencies!

this way, i don't have 20 plugins in #lua and/or #vimscript running in the background and autoupdating from #github - awesome! 🌈🦄 config is plain #toml - no need to write it in turing-complete languages which i only know poorly

shout out @bobulous 🙌 bobulous.org.uk/coding/Helix-c

Semgrep | 🚨 Popular GitHub Action tj-actions/changed-files is compromised

「 Popular GitHub Action tj-actions/changed-files has been compromised (GitHub issue) with a payload that appears to attempt to dump secrets, impacting thousands of CI pipelines. This isn’t the first security issue with tj-actions/changed-files—see prior vulnerability CVE-2023-51664 」

semgrep.dev/blog/2025/popular-

SemgrepSemgrep | 🚨 Popular GitHub Action tj-actions/changed-files is compromisedPopular GitHub Action tj-actions/changed-files has been compromised with a payload that appears to attempt to dump secrets, impacting thousands of CI pipelines.

The tj-actions/changed-files #GitHub Action, which is currently used in over 23,000 repositories, has been compromised. In this attack, the attackers modified the action’s code and retroactively updated multiple version tags to reference the malicious commit. The compromised Action prints CI/CD secrets in GitHub Actions build logs. If the workflow logs are publicly accessible (such as in public repositories), anyone could potentially read these logs and obtain exposed secrets. There is no evidence that the leaked secrets were exfiltrated to any remote network destination.

stepsecurity.io/blog/harden-ru #Infosec

www.stepsecurity.ioHarden-Runner detection: tj-actions/changed-files action is compromised - StepSecuritytj-actions/changed-files

nice phishing attempt via #github issues, sent to a friend, who does (among others) professional phishing tests. gh is experiencing to much work to respond immediately.

New Open-Source Tool Spotlight 🚨🚨🚨

DataDog's KubeHound is a tool that queries Kubernetes clusters and surfaces Pod Security Standard violations. It works by analyzing a cluster against best practices with minimal setup. Useful for teams focused on securing their workloads in Kubernetes environments. #Kubernetes #CyberSecurity

🔗 Project link on #GitHub 👉 github.com/DataDog/KubeHound

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️