diff --git a/markdown/org/blog/roundup-2018-11/uk.md b/markdown/org/blog/roundup-2018-11/uk.md
new file mode 100644
index 00000000000..2794546b2ce
--- /dev/null
+++ b/markdown/org/blog/roundup-2018-11/uk.md
@@ -0,0 +1,36 @@
+---
+author: "joostdecock"
+caption: "Your login background for December"
+date: "2018-11-30"
+image: "https://cdn.sanity.io/images/hl5bw8cj/site-content/ebdb5fce7cd9b56f2f9d51d05dbda187195e30b6-1920x1280.jpg"
+intro: "Monthly roundup - November 2018: New showcases and a (false) security alarm"
+title: "Monthly roundup - November 2018: New showcases and a (false) security alarm"
+---
+
+
+Це ваш щомісячний огляд новин фрітрекінгу за останні чотири тижні, і погляд на те, що чекає на нас у наступному місяці.
+
+## Озираючись на листопад
+
+I have been very busy this month, but more about that in our roundup post for the year which you can expect on December 10th.
+
+Because I've been busy, a few showcase posts had fallen through the cracks. I've cleared the backlog in my inbox now, and as a result we have [a new Bruce showcase by Felix](/en/showcase/bruce-three-pack) and [a new Sandy showcase by Karin](/en/showcase/sandy-by-karin).
+
+If you've made one of our patterns, make sure to send in your pictures so we can add them too. I mean, even if it takes a while, I do eventually get around to it :)
+
+
+Earlier this week, I woke to the unsettling news that a popular package on NPM [had been hijacked by malicious actors](https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/).
+
+That's obviously shitty behaviour, but the fact that this package is a dependency of our backend (as in, we use it) made for a rude awakening. Our backend was patched by the time I got to work (yay for trains), but as more information came to light, it turned out it was never a problem in the first place.
+
+For one thing, the dependency was a so-called development dependency. Code that is included while developing, but not included in the production build.
+
+Furthermore, the malicious actors were targetting a very specific set of people in order to make off with their bitcoin, so there was never an issue.
+
+As the story was developing, we [posted updates on Twitter](https://twitter.com/freesewing_org/status/1067312509672177664) so if you want to make sure you want to hear all the latest news, make sure to follow [@freesewing_org](https://twitter.com/freesewing_org) on Twitter.
+
+
+## Забігаючи наперед у грудень
+
+In early December we traditionally do our yearly roundup, so more on that soon :)
+