The Hidden Blast Radius of the Axios Compromise (socket.dev)
5 points by feross 11 hours ago | past | discuss
Supply Chain Attack on Axios Pulls Malicious Dependency from NPM (socket.dev)
2 points by dsr12 2 days ago | past | discuss
TeamPCP Is Systematically Targeting Security Tools Across the OSS Ecosystem (socket.dev)
5 points by pier25 8 days ago | past | discuss
Trivy Supply Chain Attack Expands to Compromised Docker Images (socket.dev)
5 points by feross 10 days ago | past | 3 comments
Trivy under attack again: Widespread GitHub Actions tag compromise secrets (socket.dev)
250 points by jicea 11 days ago | past | 84 comments
Trivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes (socket.dev)
3 points by tamnd 12 days ago | past | 1 comment
CanisterWorm: NPM Publisher Compromise Deploys Backdoor Across 29 Packages (socket.dev)
3 points by pier25 12 days ago | past | discuss
Widespread Trivy GitHub Actions Tag Compromise Exposes CI/CD Secrets (socket.dev)
7 points by donutshop 13 days ago | past | 1 comment
Enisa Technical Advisory on Secure Use of Package Managers (socket.dev)
6 points by pier25 13 days ago | past | discuss
Malicious NPM Packages Use Pastebin Steganography to Deploy Credential Stealer (socket.dev)
2 points by feross 33 days ago | past
Malicious Go "Crypto" Module Steals Passwords and Deploys Rekoobe Backdoor (socket.dev)
3 points by feross 34 days ago | past
Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains (socket.dev)
10 points by jicea 39 days ago | past
Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains (socket.dev)
8 points by feross 40 days ago | past
Socket brings supply chain security to skills.sh (socket.dev)
2 points by ryoidong 41 days ago | past
AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach (socket.dev)
3 points by puppion 43 days ago | past
AI Agent Lands PRs in Major OSS Projects (socket.dev)
1 point by bradyholt 44 days ago | past
AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach (socket.dev)
2 points by choult 45 days ago | past
AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach (socket.dev)
16 points by cdrnsf 46 days ago | past | 1 comment
AI Agent Lands PRs in Major OSS Projects (socket.dev)
2 points by junon 47 days ago | past
Lodash's Security Reset and Maintenance Reboot (socket.dev)
5 points by todsacerdoti 59 days ago | past
GlassWorm Loader Hits Open VSX via Developer Account Compromise (socket.dev)
3 points by feross 60 days ago | past
Temporal API Ships in Chrome 144, Marking a Shift for JavaScript Date Handling (socket.dev)
1 point by thunderbong 75 days ago | past
Temporal API Ships in Chrome 144, Marking a Major Shift for JavaScript Date (socket.dev)
3 points by feross 75 days ago | past | 1 comment
Malicious Chrome Extension Steals MEXC API Keys for Account Takeover (socket.dev)
7 points by feross 79 days ago | past
Tailwind CSS Announces 75% Layoffs as LLMs Reshape OSS Business Models (socket.dev)
3 points by feross 83 days ago | past | 1 comment
NPM to implement staged publishing after turbulent shift off classic tokens (socket.dev)
205 points by feross 84 days ago | past | 125 comments
Malicious Chrome Extensions "Phantom Shuttle" Masquerade as a VPN to Intercept (socket.dev)
1 point by feross 3 months ago | past
The Supply Chain Nightmare Before Deployment (socket.dev)
2 points by feross 3 months ago | past | 1 comment
Malicious NuGet Package Typosquats Popular .NET Tracing Library to Steal Wallet (socket.dev)
3 points by feross 3 months ago | past
Deno 2.6 and Socket: Supply Chain Defense in Your CLI (socket.dev)
3 points by feross 3 months ago | past