Hacker News
Trivy Supply Chain Attack Expands to Compromised Docker Images (socket.dev) | 5 points by feross 1 day ago | 3 comments
Trivy under attack again: Widespread GitHub Actions tag compromise secrets (socket.dev) | 229 points by jicea 2 days ago | 79 comments
Trivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes (socket.dev) | 3 points by tamnd 3 days ago | 1 comment
CanisterWorm: NPM Publisher Compromise Deploys Backdoor Across 29 Packages (socket.dev) | 3 points by pier25 3 days ago
Widespread Trivvy GitHub Actions Tag Compromise Exposes CI/CD Secrets (socket.dev) | 7 points by donutshop 4 days ago | 1 comment
Enisa Technical Advisory on Secure Use of Package Managers (socket.dev) | 6 points by pier25 4 days ago
Malicious NPM Packages Use Pastebin Steganography to Deploy Credential Stealer (socket.dev) | 2 points by feross 24 days ago
Malicious Go "Crypto" Module Steals Passwords and Deploys Rekoobe Backdoor (socket.dev) | 3 points by feross 25 days ago
Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains (socket.dev) | 10 points by jicea 30 days ago
Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains (socket.dev) | 8 points by feross 31 days ago
Socket brings supply chain security to skills.sh (socket.dev) | 2 points by ryoidong 33 days ago
AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach (socket.dev) | 3 points by puppion 34 days ago
AI Agent Lands PRs in Major OSS Projects (socket.dev) | 1 point by bradyholt 35 days ago
AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach (socket.dev) | 2 points by choult 37 days ago
AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach (socket.dev) | 16 points by cdrnsf 37 days ago | 1 comment
AI Agent Lands PRs in Major OSS Projects (socket.dev) | 2 points by junon 38 days ago
Lodash's Security Reset and Maintenance Reboot (socket.dev) | 5 points by todsacerdoti 50 days ago
GlassWorm Loader Hits Open VSX via Developer Account Compromise (socket.dev) | 3 points by feross 51 days ago
Temporal API Ships in Chrome 144, Marking a Shift for JavaScript Date Handling (socket.dev) | 1 point by thunderbong 66 days ago
Temporal API Ships in Chrome 144, Marking a Major Shift for JavaScript Date (socket.dev) | 3 points by feross 66 days ago | 1 comment
Malicious Chrome Extension Steals MEXC API Keys for Account Takeover (socket.dev) | 7 points by feross 70 days ago
Tailwind CSS Announces 75% Layoffs as LLMs Reshape OSS Business Models (socket.dev) | 3 points by feross 74 days ago | 1 comment
NPM to implement staged publishing after turbulent shift off classic tokens (socket.dev) | 205 points by feross 75 days ago | 125 comments
Malicious Chrome Extensions "Phantom Shuttle" Masquerade as a VPN to Intercept (socket.dev) | 1 point by feross 3 months ago
The Supply Chain Nightmare Before Deployment (socket.dev) | 2 points by feross 3 months ago | 1 comment
Malicious NuGet Package Typosquats Popular .NET Tracing Library to Steal Wallet (socket.dev) | 3 points by feross 3 months ago
Deno 2.6 and Socket: Supply Chain Defense in Your CLI (socket.dev) | 3 points by feross 3 months ago
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain (socket.dev) | 1 point by feross 3 months ago
NPM Revokes Classic Tokens, as OpenJS Warns Maintainers About OIDC Gaps (socket.dev) | 3 points by feross 3 months ago | 1 comment
Rust RFC Proposes a Security Tab on Crates.io for RustSec Advisories (socket.dev) | 2 points by feross 3 months ago