For the best experience on desktop, install the Chrome extension to track your reading on news.ycombinator.com
Hacker Newsnew | past | comments | ask | show | jobs | submit | history | fromregister
Attackers Are Hunting High-Impact Node.js Maintainers with Social Engineering (socket.dev)
3 points by pier25 2 days ago | past | 2 comments
Axios Maintainer Confirms Social Engineering Attack Behind NPM Compromise (socket.dev)
5 points by feross 2 days ago | past | discuss
The Hidden Blast Radius of the Axios Compromise (socket.dev)
6 points by feross 4 days ago | past | discuss
Supply Chain Attack on Axios Pulls Malicious Dependency from NPM (socket.dev)
2 points by dsr12 5 days ago | past | discuss
TeamPCP Is Systematically Targeting Security Tools Across the OSS Ecosystem (socket.dev)
5 points by pier25 11 days ago | past | discuss
Trivy Supply Chain Attack Expands to Compromised Docker Images (socket.dev)
5 points by feross 13 days ago | past | 3 comments
Trivy under attack again: Widespread GitHub Actions tag compromise secrets (socket.dev)
250 points by jicea 14 days ago | past | 83 comments
Trivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes (socket.dev)
3 points by tamnd 15 days ago | past | 1 comment
CanisterWorm: NPM Publisher Compromise Deploys Backdoor Across 29 Packages (socket.dev)
3 points by pier25 15 days ago | past
Widespread Trivvy GitHub Actions Tag Compromise Exposes CI/CD Secrets (socket.dev)
7 points by donutshop 16 days ago | past | 1 comment
Enisa Technical Advisory on Secure Use of Package Managers (socket.dev)
6 points by pier25 17 days ago | past
Malicious NPM Packages Use Pastebin Steganography to Deploy Credential Stealer (socket.dev)
2 points by feross 37 days ago | past
Malicious Go "Crypto" Module Steals Passwords and Deploys Rekoobe Backdoor (socket.dev)
3 points by feross 38 days ago | past
Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains (socket.dev)
10 points by jicea 43 days ago | past
Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains (socket.dev)
8 points by feross 44 days ago | past
Socket brings supply chain security to skills.sh (socket.dev)
2 points by ryoidong 45 days ago | past
AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach (socket.dev)
3 points by puppion 47 days ago | past
AI Agent Lands PRs in Major OSS Projects (socket.dev)
1 point by bradyholt 48 days ago | past
AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach (socket.dev)
2 points by choult 49 days ago | past
AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach (socket.dev)
16 points by cdrnsf 50 days ago | past | 1 comment
AI Agent Lands PRs in Major OSS Projects (socket.dev)
2 points by junon 50 days ago | past
Lodash's Security Reset and Maintenance Reboot (socket.dev)
5 points by todsacerdoti 62 days ago | past
GlassWorm Loader Hits Open VSX via Developer Account Compromise (socket.dev)
3 points by feross 64 days ago | past
Temporal API Ships in Chrome 144, Marking a Shift for JavaScript Date Handling (socket.dev)
1 point by thunderbong 78 days ago | past
Temporal API Ships in Chrome 144, Marking a Major Shift for JavaScript Date (socket.dev)
3 points by feross 79 days ago | past | 1 comment
Malicious Chrome Extension Steals MEXC API Keys for Account Takeover (socket.dev)
7 points by feross 82 days ago | past
Tailwind CSS Announces 75% Layoffs as LLMs Reshape OSS Business Models (socket.dev)
3 points by feross 87 days ago | past | 1 comment
NPM to implement staged publishing after turbulent shift off classic tokens (socket.dev)
205 points by feross 88 days ago | past | 125 comments
Malicious Chrome Extensions "Phantom Shuttle" Masquerade as a VPN to Intercept (socket.dev)
1 point by feross 3 months ago | past
The Supply Chain Nightmare Before Deployment (socket.dev)
2 points by feross 3 months ago | past | 1 comment

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search:

HN For You