Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
|
from
login
TeamPCP Is Systematically Targeting Security Tools Across the OSS Ecosystem
(
socket.dev
)
5 points
by
pier25
15 hours ago
|
past
|
discuss
Trivy Supply Chain Attack Expands to Compromised Docker Images
(
socket.dev
)
5 points
by
feross
2 days ago
|
past
|
3 comments
Trivy under attack again: Widespread GitHub Actions tag compromise secrets
(
socket.dev
)
246 points
by
jicea
3 days ago
|
past
|
83 comments
Trivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes
(
socket.dev
)
3 points
by
tamnd
4 days ago
|
past
|
1 comment
CanisterWorm: NPM Publisher Compromise Deploys Backdoor Across 29 Packages
(
socket.dev
)
3 points
by
pier25
4 days ago
|
past
|
discuss
Widespread Trivvy GitHub Actions Tag Compromise Exposes CI/CD Secrets
(
socket.dev
)
7 points
by
donutshop
5 days ago
|
past
|
1 comment
Enisa Technical Advisory on Secure Use of Package Managers
(
socket.dev
)
6 points
by
pier25
5 days ago
|
past
|
discuss
Malicious NPM Packages Use Pastebin Steganography to Deploy Credential Stealer
(
socket.dev
)
2 points
by
feross
25 days ago
|
past
Malicious Go "Crypto" Module Steals Passwords and Deploys Rekoobe Backdoor
(
socket.dev
)
3 points
by
feross
26 days ago
|
past
Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains
(
socket.dev
)
10 points
by
jicea
31 days ago
|
past
Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains
(
socket.dev
)
8 points
by
feross
32 days ago
|
past
Socket brings supply chain security to skills.sh
(
socket.dev
)
2 points
by
ryoidong
34 days ago
|
past
AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach
(
socket.dev
)
3 points
by
puppion
35 days ago
|
past
AI Agent Lands PRs in Major OSS Projects
(
socket.dev
)
1 point
by
bradyholt
36 days ago
|
past
AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach
(
socket.dev
)
2 points
by
choult
38 days ago
|
past
AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach
(
socket.dev
)
16 points
by
cdrnsf
38 days ago
|
past
|
1 comment
AI Agent Lands PRs in Major OSS Projects
(
socket.dev
)
2 points
by
junon
39 days ago
|
past
Lodash's Security Reset and Maintenance Reboot
(
socket.dev
)
5 points
by
todsacerdoti
51 days ago
|
past
GlassWorm Loader Hits Open VSX via Developer Account Compromise
(
socket.dev
)
3 points
by
feross
52 days ago
|
past
Temporal API Ships in Chrome 144, Marking a Shift for JavaScript Date Handling
(
socket.dev
)
1 point
by
thunderbong
67 days ago
|
past
Temporal API Ships in Chrome 144, Marking a Major Shift for JavaScript Date
(
socket.dev
)
3 points
by
feross
67 days ago
|
past
|
1 comment
Malicious Chrome Extension Steals MEXC API Keys for Account Takeover
(
socket.dev
)
7 points
by
feross
71 days ago
|
past
Tailwind CSS Announces 75% Layoffs as LLMs Reshape OSS Business Models
(
socket.dev
)
3 points
by
feross
75 days ago
|
past
|
1 comment
NPM to implement staged publishing after turbulent shift off classic tokens
(
socket.dev
)
205 points
by
feross
76 days ago
|
past
|
125 comments
Malicious Chrome Extensions "Phantom Shuttle" Masquerade as a VPN to Intercept
(
socket.dev
)
1 point
by
feross
3 months ago
|
past
The Supply Chain Nightmare Before Deployment
(
socket.dev
)
2 points
by
feross
3 months ago
|
past
|
1 comment
Malicious NuGet Package Typosquats Popular .NET Tracing Library to Steal Wallet
(
socket.dev
)
3 points
by
feross
3 months ago
|
past
Deno 2.6 and Socket: Supply Chain Defense in Your CLI
(
socket.dev
)
3 points
by
feross
3 months ago
|
past
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain
(
socket.dev
)
1 point
by
feross
3 months ago
|
past
NPM Revokes Classic Tokens, as OpenJS Warns Maintainers About OIDC Gaps
(
socket.dev
)
3 points
by
feross
3 months ago
|
past
|
1 comment
More
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
