Hacker News .hnnew | past | comments | ask | show | jobs | submit | fromlogin
TeamPCP Is Systematically Targeting Security Tools Across the OSS Ecosystem (socket.dev)
5 points by pier25 1 day ago | past | discuss
Trivy Supply Chain Attack Expands to Compromised Docker Images (socket.dev)
5 points by feross 3 days ago | past | 3 comments
Trivy under attack again: Widespread GitHub Actions tag compromise secrets (socket.dev)
249 points by jicea 4 days ago | past | 84 comments
Trivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes (socket.dev)
3 points by tamnd 5 days ago | past | 1 comment
CanisterWorm: NPM Publisher Compromise Deploys Backdoor Across 29 Packages (socket.dev)
3 points by pier25 5 days ago | past | discuss
Widespread Trivvy GitHub Actions Tag Compromise Exposes CI/CD Secrets (socket.dev)
7 points by donutshop 6 days ago | past | 1 comment
Enisa Technical Advisory on Secure Use of Package Managers (socket.dev)
6 points by pier25 6 days ago | past | discuss
Malicious NPM Packages Use Pastebin Steganography to Deploy Credential Stealer (socket.dev)
2 points by feross 26 days ago | past
Malicious Go "Crypto" Module Steals Passwords and Deploys Rekoobe Backdoor (socket.dev)
3 points by feross 27 days ago | past
Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains (socket.dev)
10 points by jicea 32 days ago | past
Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains (socket.dev)
8 points by feross 33 days ago | past
Socket brings supply chain security to skills.sh (socket.dev)
2 points by ryoidong 35 days ago | past
AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach (socket.dev)
3 points by puppion 36 days ago | past
AI Agent Lands PRs in Major OSS Projects (socket.dev)
1 point by bradyholt 37 days ago | past
AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach (socket.dev)
2 points by choult 39 days ago | past
AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach (socket.dev)
16 points by cdrnsf 39 days ago | past | 1 comment
AI Agent Lands PRs in Major OSS Projects (socket.dev)
2 points by junon 40 days ago | past
Lodash's Security Reset and Maintenance Reboot (socket.dev)
5 points by todsacerdoti 52 days ago | past
GlassWorm Loader Hits Open VSX via Developer Account Compromise (socket.dev)
3 points by feross 53 days ago | past
Temporal API Ships in Chrome 144, Marking a Shift for JavaScript Date Handling (socket.dev)
1 point by thunderbong 68 days ago | past
Temporal API Ships in Chrome 144, Marking a Major Shift for JavaScript Date (socket.dev)
3 points by feross 68 days ago | past | 1 comment
Malicious Chrome Extension Steals MEXC API Keys for Account Takeover (socket.dev)
7 points by feross 72 days ago | past
Tailwind CSS Announces 75% Layoffs as LLMs Reshape OSS Business Models (socket.dev)
3 points by feross 76 days ago | past | 1 comment
NPM to implement staged publishing after turbulent shift off classic tokens (socket.dev)
205 points by feross 77 days ago | past | 125 comments
Malicious Chrome Extensions "Phantom Shuttle" Masquerade as a VPN to Intercept (socket.dev)
1 point by feross 3 months ago | past
The Supply Chain Nightmare Before Deployment (socket.dev)
2 points by feross 3 months ago | past | 1 comment
Malicious NuGet Package Typosquats Popular .NET Tracing Library to Steal Wallet (socket.dev)
3 points by feross 3 months ago | past
Deno 2.6 and Socket: Supply Chain Defense in Your CLI (socket.dev)
3 points by feross 3 months ago | past
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain (socket.dev)
1 point by feross 3 months ago | past
NPM Revokes Classic Tokens, as OpenJS Warns Maintainers About OIDC Gaps (socket.dev)
3 points by feross 3 months ago | past | 1 comment

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: