Hacker News
Fsnotify Maintainer Dispute Sparks Supply Chain Concerns (socket.dev)
1 point by elashri 1 day ago | past | discuss
TanStack NPM Packages Compromised in Ongoing Mini Shai-Hulud Supply-Chain Attack (socket.dev)
2 points by croes 2 days ago | past | 1 comment
Tanstack NPM Packages Compromised in Ongoing Supply-Chain Attack (socket.dev)
6 points by pier25 2 days ago | past | 1 comment
PyPI Fixes High-Severity Access Control Issues Found in Security Audit (socket.dev)
1 point by feross 12 days ago | past | discuss
Ruby Gems and Go Modules Impersonate Dev Tools to Steal Secrets and Poison CI (socket.dev)
4 points by ilreb 13 days ago | past | discuss
SAP Cap NPM Packages Hit by Supply Chain Attack (socket.dev)
2 points by salkahfi 14 days ago | past
Socket Has Acquired Secure Annex (socket.dev)
3 points by ilreb 15 days ago | past
Namastex.ai NPM Packages Hit with TeamPCP-Style CanisterWorm Malware (socket.dev)
1 point by My_Name 17 days ago | past
Open VSX Sleeper Extensions Linked to GlassWorm Show New Malware Activations (socket.dev)
1 point by salkahfi 19 days ago | past
Introducing Data Exports (socket.dev)
1 point by ilreb 20 days ago | past
Malicious Checkmarx Artifacts Found in Official KICS Docker Repository (socket.dev)
1 point by darkwater 20 days ago | past
Bitwarden CLI compromised in ongoing Checkmarx supply chain campaign (socket.dev)
872 points by tosh 20 days ago | past | 431 comments
Malicious Checkmarx Artifacts Found in Official KICS Docker Repo and Code Ext (socket.dev)
3 points by orkj 21 days ago | past
Malicious Checkmarx Artifacts Found in Official KICS Docker Repository (socket.dev)
4 points by justsomehuman 21 days ago | past
108 Chrome Extensions Linked to Data Exfiltration and Session Theft via C2 (socket.dev)
6 points by jbegley 30 days ago | past
Axios Supply Chain Attack Reaches OpenAI macOS Signing Pipeline (socket.dev)
3 points by salkahfi 33 days ago | past | 1 comment
North Korea's Contagious Interview Campaign Spreads Across 5 Ecosystems (socket.dev)
2 points by pier25 36 days ago | past
Attackers Are Hunting High-Impact Node.js Maintainers with Social Engineering (socket.dev)
3 points by pier25 40 days ago | past | 2 comments
Axios Maintainer Confirms Social Engineering Attack Behind NPM Compromise (socket.dev)
5 points by feross 41 days ago | past
The Hidden Blast Radius of the Axios Compromise (socket.dev)
6 points by feross 42 days ago | past
Supply Chain Attack on Axios Pulls Malicious Dependency from NPM (socket.dev)
2 points by dsr12 44 days ago | past
TeamPCP Is Systematically Targeting Security Tools Across the OSS Ecosystem (socket.dev)
5 points by pier25 50 days ago | past
Trivy Supply Chain Attack Expands to Compromised Docker Images (socket.dev)
5 points by feross 52 days ago | past | 3 comments
Trivy under attack again: Widespread GitHub Actions tag compromise secrets (socket.dev)
250 points by jicea 53 days ago | past | 83 comments
Trivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes (socket.dev)
3 points by tamnd 54 days ago | past | 1 comment
CanisterWorm: NPM Publisher Compromise Deploys Backdoor Across 29 Packages (socket.dev)
3 points by pier25 54 days ago | past
Widespread Trivy GitHub Actions Tag Compromise Exposes CI/CD Secrets (socket.dev)
7 points by donutshop 55 days ago | past | 1 comment
Enisa Technical Advisory on Secure Use of Package Managers (socket.dev)
6 points by pier25 55 days ago | past
Malicious NPM Packages Use Pastebin Steganography to Deploy Credential Stealer (socket.dev)
2 points by feross 75 days ago | past
Malicious Go "Crypto" Module Steals Passwords and Deploys Rekoobe Backdoor (socket.dev)
3 points by feross 76 days ago | past
