A backdoor in a LinkedIn job offer
Key takeaways
- Last week, I got a LinkedIn message from a recruiter at a small crypto startup.
- It's not uncommon to ask for a review of an existing codebase, but something felt off and raised an alarm in my head, so I decided to get a bit extra paranoid.
- Instead of cloning and installing dependencies, I spun up a throwaway VPS on Hetzner, cloned the repo there, and pointed Pi at it in read-only mode, with only file-reading tools enabled:
Full-stack Python developer. Building Smello.
Last week, I got a LinkedIn message from a recruiter at a small crypto startup. We exchanged a few messages over a couple of days, she described a broken proof-of-concept they needed a lead engineer for, and then sent me a public GitHub repo to review. Specifically, she asked me to check out the deprecated Node modules issue.
It's not uncommon to ask for a review of an existing codebase, but something felt off and raised an alarm in my head, so I decided to get a bit extra paranoid.
Article preview — originally published by Hacker News. Full story at the source.