Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains (socket.dev)
10 points by jicea 3 days ago | past | discuss
Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains (socket.dev)
8 points by feross 4 days ago | past | discuss
Socket brings supply chain security to skills.sh (socket.dev)
1 point by ryoidong 5 days ago | past | discuss
AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach (socket.dev)
3 points by puppion 7 days ago | past | discuss
AI Agent Lands PRs in Major OSS Projects (socket.dev)
1 point by bradyholt 8 days ago | past | discuss
AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach (socket.dev)
2 points by choult 9 days ago | past | discuss
AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach (socket.dev)
16 points by cdrnsf 10 days ago | past | 1 comment
AI Agent Lands PRs in Major OSS Projects (socket.dev)
2 points by junon 10 days ago | past | discuss
Lodash's Security Reset and Maintenance Reboot (socket.dev)
5 points by todsacerdoti 23 days ago | past
GlassWorm Loader Hits Open VSX via Developer Account Compromise (socket.dev)
3 points by feross 24 days ago | past
Temporal API Ships in Chrome 144, Marking a Shift for JavaScript Date Handling (socket.dev)
1 point by thunderbong 38 days ago | past
Temporal API Ships in Chrome 144, Marking a Major Shift for JavaScript Date (socket.dev)
3 points by feross 39 days ago | past | 1 comment
Malicious Chrome Extension Steals MEXC API Keys for Account Takeover (socket.dev)
7 points by feross 43 days ago | past
Tailwind CSS Announces 75% Layoffs as LLMs Reshape OSS Business Models (socket.dev)
3 points by feross 47 days ago | past | 1 comment
NPM to implement staged publishing after turbulent shift off classic tokens (socket.dev)
205 points by feross 48 days ago | past | 125 comments
Malicious Chrome Extensions "Phantom Shuttle" Masquerade as a VPN to Intercept (socket.dev)
1 point by feross 64 days ago | past
The Supply Chain Nightmare Before Deployment (socket.dev)
2 points by feross 70 days ago | past | 1 comment
Malicious NuGet Package Typosquats Popular .NET Tracing Library to Steal Wallet (socket.dev)
3 points by feross 71 days ago | past
Deno 2.6 and Socket: Supply Chain Defense in Your CLI (socket.dev)
3 points by feross 74 days ago | past
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain (socket.dev)
1 point by feross 75 days ago | past
NPM Revokes Classic Tokens, as OpenJS Warns Maintainers About OIDC Gaps (socket.dev)
3 points by feross 76 days ago | past | 1 comment
Rust RFC Proposes a Security Tab on Crates.io for RustSec Advisories (socket.dev)
2 points by feross 77 days ago | past
Malicious Crate Mimicking 'Finch' Exfiltrates Credentials via a Hidden (socket.dev)
2 points by feross 81 days ago | past
Malicious Go Packages Impersonate Google's UUID Library and Exfiltrate Data (socket.dev)
7 points by feross 81 days ago | past
November CVEs Fell 25% YoY, Driven by Slowdowns at Major CNAs (socket.dev)
2 points by feross 81 days ago | past
Critical Security Vulnerability in React Server Components (socket.dev)
4 points by feross 83 days ago | past
Scaling Socket from Zero to 10k Organizations (socket.dev)
2 points by feross 85 days ago | past
The GitHub Infrastructure Powering North Korea's Contagious Interview NPM Attack (socket.dev)
10 points by giuliomagnifico 87 days ago | past | 1 comment
The GitHub Infrastructure Powering North Korea's Contagious Interview NPM (socket.dev)
2 points by feross 3 months ago | past
Shai-Hulud Strikes Again, Again. (NPM Supply Chain Attack) (socket.dev)
3 points by pvtmert 3 months ago | past | 1 comment
