Blogroll

A new report in Security Week warns about a cyberattack that infected 5,561 GitHub open-source repositories with malware.

Cybersecurity researchers at SafeDep detailed how the May 18 supply chain attack, dubbed Megalodon, took advantage of GitHub Actions workflows to ultimately harvest user credentials and other data. A full list of the compromised GitHub repositories is available in the SafeDep security report.

The report also details how the hackers pulled off the attack:

On May 18, 2026, an automated campaign codenamed megalodon pushed 5,718 malicious commits to 5,561 GitHub repositories in a six-hour window. Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected GitHub Actions workflows containing base64-encoded bash payloads that exfiltrate CI secrets, cloud credentials, SSH keys, OIDC tokens, and source code secrets to a C2 server at 216.126.225.129:8443.

A blog post at StepSecurity also documented the details of the attack.

"Megalodon is a textbook direct Poisoned Pipeline Execution (d-PPE) attack, a class of CI/CD attack where an adversary with write access to a repository injects malicious code directly into workflow definition files, causing the CI system to execute attacker-controlled commands on the next pipeline run," the blog post reads. (Emphasis in original.)

SafeDep researchers warned GitHub users affected by the attack to revert their repositories and audit all workflow files.

On May 20, GitHub published a blog post about unauthorized access to GitHub-owned repositories via a compromised employee device, but the company hasn't said anything about the alleged Megalodon attack.

However, on April 1, the company published a blog post detailing a new trend of cyberattacks on the open-source supply chain, which often begin by compromising GitHub Actions workflows, as in the Megalodon attack. The blog post includes tips for open-source projects on how "to secure your GitHub Actions workflows" to prevent exactly these types of attacks in the future.

I've run a NAS for years, but it always felt like something was missing. Adding a Raspberry Pi to the mix changed everything. It's a small, cheap upgrade that quietly solved problems I didn't even know I had.

As a movie enthusiast, I’m always looking for a good thriller with a unique story where tension, danger, and uncertainty reign supreme. Whether it’s psychological mind games, a high-stakes mystery, or pulse-pounding action, it should tap into something primal that keeps me on the edge of my seat, with my eyes glued to the screen.

Krispy Kreme employees affected by a Nov. 2024 company data breach can still claim their portion of a $1.6 million pie.

SEE ALSO: AI's new cottage industry: Lawyers defending students accused of cheating

The class action lawsuit was brought forth by impacted individuals after their personal information — including names, dates of birth, Social Security numbers, biometric data, and financial account credentials — was exposed in a 2024 cyberattack targeting the company's employee data. Krispy Kreme disclosed the breach in December 2024 and settled the class action case in March.

But the June deadline to claim your money is fast approaching.

Who is eligible?

The data breach impacted 161,000 current and former Krispy Kreme employees; individuals whose information was exposed should have received a notice from the company via email.

If you believe you were affected but didn't receive an alert, you can contact the settlement administrator at (877) 239-1879.

How do I claim my money?

The deadline to file a claim online or by mail is June 22.

Settlement class members can either submit an itemized claim form for up to $3,500 in losses, or accept a $75 single time payment. If you want to opt out of the settlement, you have until June 6 to decline either online or by mail.

Want to learn more about getting the best out of your tech? Sign up for Mashable's Top Stories and Deals newsletters today.

As a family with kids, we have far more stuff than can comfortably fit in our home. Thankfully, there's a useful attic where we can dump stuff when it's not in use. In the past, finding things in the attic involved hunting through multiple storage bins, but some cheap NFC tags solved the problem.

Most people set up Google Wallet once for payments and never open it again. Once your credit or debit cards are loaded onto it, people simply tap and pay, and often don’t realize that Google Wallet holds a lot more potential.

At the time of writing, CachyOS sits in the #1 spot on DistroWatch. It’s been getting a lot of attention, and honestly, much of it is deserved. But there’s another Arch-based distro that doesn’t get nearly as much love, and I think it’s the better pick for most people—I’m talking about Garuda Linux. I’ve run both distros on real hardware, and here’s why I believe Garuda is better than CachyOS in the ways that actually matter.

Most people use Claude the same way. Open the app, type a question, read the answer, close the tab. It's useful enough that way and, in fact, better than a Google search for a lot of things. But if that's all you're doing, you're getting maybe 20% of what Claude actually is.

Your mini PC, or most mini PCs you might find for purchase new or used, probably comes with just one single Ethernet port. Yet, for full-size PCs it's becoming more common to have dual Ethernet ports as standard.

ITER is the world’s largest fusion reactor project, bringing together scientists from around the globe to pursue clean fusion energy. The goal is to recreate the same process that powers the sun and turn it into a usable energy source on Earth. Here’s a closer look inside one of the most ambitious scientific projects ever attempted.

If there is anything at all I'm obsessed with, it has to be modding Android devices/Fire Tablets and reading comics, books, magazines, and anything else I can get my grubby little hands on.

If you're just getting started with self-hosting apps and services in your homelab, there are a number of mistakes you should try to avoid. These are the five biggest mistakes that I see self-hosters make, and how you can avoid them.

SpaceX launched Flight Test 12 of its reusable Starship Version 3 rocket from Starbase in South Texas. The mission included deploying 22 Starlink satellite dummies, including one carrying a camera that captured views of Starship’s heat shield during flight. The test ended dramatically as SpaceX continued pushing development of the massive rocket system.

Android owners have two main smartwatch brands to choose from: Samsung Galaxy Watch or Google Pixel Watch. I’ve spent extensive time with both, but I just recently switched back to a Galaxy Watch after wearing a Pixel Watch for the last couple of years. I’ll explain why.

One of the biggest problems I have with AI is that it can do so many things that it's hard to know where to start. I decided to see if Claude could solve one of my biggest frustrations. The results were impressive, and I barely had to lift a finger.

Hybrid watches have always seemed like an interesting concept to me. I'm someone who loves tech, but when it comes to watches, nothing beats the aesthetics, reliability, and simplicity of a traditional wristwatch. Although the idea of adding smart features to a traditional watch sounds like a match made in heaven, it never quite comes together in reality.

Are you tempted by a switch to Linux but worried about leaving Windows behind? It may seem like you're starting from scratch, but you're not. Linux has a reassuring pathway that lets you cross over without fully committing.

Following Memorial Day weekend, Focus Features is releasing Pressure, a World War II movie about a lesser-known — but nonetheless fascinating — hero of D-Day.

Andrew Scott stars as James Stagg, a "genius" meteorologist from Scotland, who became a crucial adviser to American General Dwight D. Eisenhower (Academy Award winner Brendan Fraser) ahead of the Allies' pivotal invasion against the Axis powers.

Now, this premise may sound a bit stiff, focusing on World War II and the weather. However, Mashable Entertainment Editor Kristy Puchko found the film had surprising similarities to Focus's crackling Vatican thriller Conclave in its humor, and to HBO's The Pitt in terms of competency porn.

When she sat down with Scott and Fraser for an interview, she spoke with them about these similarities, how the actors approached this engaging movie adaptation of David Haig's play, and who they consider a genius.

Pressure opens in theaters on May 29.

Welcome to your guide to Pips, the latest game in the New York Times catalogue.

Released in August 2025, Pips puts a unique spin on dominoes, creating a fun single-player experience that could become your next daily gaming habit.

Currently, if you're stuck, the game only offers to reveal the entire puzzle, forcing you to move on to the next difficulty level and start over. However, we have you covered! Below are piecemeal answers that will serve as hints so that you can find your way through each difficulty level.

How to play Pips

If you've ever played dominoes, you'll have a passing familiarity with how Pips is played. As we've shared in our previous hints stories for Pips, the tiles, like dominoes, are placed vertically or horizontally and connect with each other. The main difference between a traditional game of dominoes and Pips is the color-coded conditions you have to address. The touching tiles don't necessarily have to match.

SEE ALSO: Wordle today: Answer, hints for May 25, 2026

The conditions you have to meet are specific to the color-coded spaces. For example, if it provides a single number, every side of a tile in that space must add up to the number provided. It is possible — and common — for only half a tile to be within a color-coded space.

Here are common examples you'll run into across the difficulty levels:

• Number: All the pips in this space must add up to the number.

• Equal: Every domino half in this space must be the same number of pips.

• Not Equal: Every domino half in this space must have a completely different number of pips.

• Less than: Every domino half in this space must add up to less than the number.

• Greater than: Every domino half in this space must add up to more than the number.

If an area does not have any color coding, it means there are no conditions on the portions of dominoes within those spaces.

SEE ALSO: NYT Strands hints, answers for May 25, 2026 Easy difficulty hints, answers for May 25 Pips

Number (8): Everything in this space must add up to 8. The answer is 0-6, placed horizontally; 4-4, placed horizontally; 0-0, placed horizontally.

Number (3): Everything in this space must add up to 3. The answer is 0-0, placed horizontally; 3-3, placed horizontally.

Number (5): Everything in this space must add up to 5. The answer is 2-2, placed horizontally; 3-3, placed horizontally.

Medium difficulty hints, answers for May 25 Pips

Equal (4): Everything in this space must be equal to 4. The answer is 4-2, placed vertically; 4-3, placed horizontally.

Greater Than (5): Everything in this space must be greater than 5. The answer is 6-5, placed vertically.

Equal (2): Everything in this space must be equal to 2. The answer is 4-2, placed vertically; 2-5, placed horizontally.

Equal (5): Everything in this space must be equal to 5. The answer is 2-5, placed horizontally; 6-5, placed vertically.

Equal (6): Everything in this space must be equal to 6. The answer is 6-1, placed vertically; 6-3, placed horizontally.

Less Than (2): Everything in this space must be less than 2. The answer is 6-1, placed vertically.

Equal (3): Everything in this space must be equal to 3. The answer is 6-3, placed horizontally; 2-3, placed horizontally; 3-3, placed horizontally.

Hard difficulty hints, answers for May 25 Pips

Number (11): Everything in this space must add up to 11. The answer is 6-3, placed horizontally; 5-4, placed vertically.

Number (3): Everything in this space must add up to 3. The answer is 6-3, placed horizontally.

Number (4): Everything in this space must add up to 4. The answer is 5-4, placed vertically; 0-1, placed vertically.

Number (8): Everything in this space must add up to 8. The answer is 3-5, placed vertically.

Number (11): Everything in this space must add up to 11. The answer is 0-1, placed vertically; 5-5, placed horizontally.

Number (1): Everything in this space must add up to 1. The answer is 3-1, placed vertically; 0-5, placed vertically.

Greater Than (3): Everything in this space must be greater than 3. The answer is 0-5, placed vertically.

Equal (1): Everything in this space must be equal to 1. The answer is 1-1, placed horizontally.

Equal (4): Everything in this space must be equal to 4. The answer is 4-4, placed vertically; 4-1, placed horizontally.

Number (1): Everything in this space must add up to 1. The answer is 4-1, placed horizontally.

Number (4): Everything in this space must add up to 4. The answer is 4-2, placed horizontally.

Equal (2): Everything in this space must be equal to 2. The answer is 4-2, placed horizontally; 2-1, placed vertically.

Number (1): Everything in this space must add up to 1. The answer is 2-1, placed vertically.

Number (2): Everything in this space must add up to 2. The answer is 2-6, placed horizontally.

Number (3): Everything in this space must add up to 3. The answer is 3-4, placed vertically.

Less Than (5): Everything in this space must be less than 5. The answer is 3-4, placed vertically; 0-6, placed horizontally.

Number (6): Everything in this space must add up to 6. The answer is 0-6, placed horizontally.

If you're looking for more puzzles, Mashable's got games now! Check out our games hub for Mahjong, Sudoku, free crossword, and more.

A one‑legged robot that jumps instead of rolls could help scientists explore the icy geysers on Saturn's moon Enceladus, sampling material from a hidden ocean that may be friendly to life.

The early mission concept, known as LEAP — short for Legged Exploration Across the Plain — imagines a robot about one-foot tall and weighing roughly 2 pounds. Rather than driving like a Mars rover, LEAP would use a spring‑driven leg, a pair of wheels, and internal spinning "reaction wheels" to roll, tip itself upright, and launch into long, arcing hops.

Funded by NASA's Innovative Advanced Concepts program, the LEAP project builds on a real-world prototype, called SALTO. Though it looks like a little pogo stick — or Pixar's boinging lamp — its jumping action actually takes inspiration from squirrels. (If that's not cute enough, imagine scientists collecting data from squirrels with high-speed cameras while the critters traverse a homemade parkour course.) The researchers published their results in Science Robotics last year.

Whether the hopping robot ever reaches Saturn will depend on mission choices still years away. But you can watch the little robot do its thing in a new video just released by NASA further down in this story. 

Enceladus has become a prime target in the search for life beyond Earth. Beneath its bright ice crust lies a global ocean. Near the south pole, deep fractures nicknamed "tiger stripes" vent that water into space as plumes of ice grains and gas. Those jets give scientists a rare advantage in the outer solar system: They can sample ocean material without drilling through miles of ice.

SEE ALSO: This NASA gear may be the first to survive the brutal lunar night

Reaching those jets is not straightforward. The region around them looks fractured and uneven, with steep ridges, broken ice fields, and powdery material. Other options, like aircraft, have limits as well, said Justin Yim, a mechanical science and engineering assistant professor at the University of Illinois at Urbana-Champaign.

"Conventional rovers may struggle to navigate this rugged terrain. Flying poses its own challenges," said Yim at the 2025 NASA's Innovative Advanced Concepts symposium. "Enceladus has no atmosphere, and the use of rocket-based propulsion [would risk] contaminating samples. It is in this context that we find jumping to be uniquely promising."

Because Enceladus has extremely weak gravity — about one-eightieth of Earth's — a relatively small push can send an object traveling far. Researchers estimate LEAP could travel roughly 560 feet — close to the length of two American football fields — in a single hop and rise about 300 feet into the air.

Each jump would play out in slow motion compared with Earth. That long airtime is central to the design. It would allow the robot to pass directly through a plume while in flight. A single hop could last close to a minute, with several seconds spent inside the icy spray.

During that time, onboard instruments could analyze ice particles, measure composition, and capture data on how the plume behaves. Contrary to popular belief, more legs wouldn't necessarily improve its jumping performance, Yim says.  

"One is a great number for jumping, particularly because it has this great advantage of allowing you to concentrate your actuation in one very powerful and simpler design," he said at the symposium last year. "Multiple legs give you a lot of benefits for doing things like sitting or standing on the ground, but you could do those equally well with wheels."

This Tweet is currently unavailable. It might be loading or has been removed.

LEAP's two wheels and one leg give it three points of contact, which makes the robot stable in that position as well, he said.

The robot would likely ride to Enceladus aboard a larger spacecraft that first orbits the moon and then lands, a setup often described as an Orbilander. From that base, LEAP could deploy, make repeated jumps between vents, and go beyond the landing zone.

But before any mission becomes real, engineers still need to demonstrate that the system can survive Enceladus' extreme cold, which reaches about minus -330 degrees Fahrenheit, and test how its foot behaves on unfamiliar ice. Most development will have to happen through simulations and lab testing.

"It's going to be difficult to get the same type of conditions we'll have on Enceladus," Yim said. "It's extremely, extremely cold, and the type of ice particles we'll encounter there are probably very different from what we'd see in natural environments on Earth."