HK
Heykuki News
Top
New
Best
Ask
Show
Jobs
31.
Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching For
socket.dev
3 comments
a year ago
feross
17 points
32.
Go Supply Chain Attack: Malicious Package Exploits Go Module
socket.dev
discuss
a year ago
bamazizi
17 points
33.
Supply Chain Attack Detected in Solana/Web3.js Library
socket.dev
discuss
2 years ago
feross
17 points
34.
AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach
socket.dev
1 comment
4 months ago
cdrnsf
16 points
35.
$4.6M Series Seed to defend open source from supply chain attacks
socket.dev
3 comments
4 years ago
feross
14 points
36.
NPM 'Is' Package Hijacked in Expanding Supply Chain Attack
socket.dev
discuss
a year ago
feross
14 points
37.
Open Source Maintainers Demand Ability to Block Copilot-Generated Issues and PRs
socket.dev
discuss
a year ago
gpi
14 points
38.
Researcher Exposes 0-Day Clickjacking Vulnerabilities in Major Password Managers
socket.dev
5 comments
10 months ago
gpi
13 points
39.
Socket AI – Scan every NPM and PyPI package for malware with ChatGPT
socket.dev
1 comment
3 years ago
feross
13 points
40.
Express.js Spam PRs Highlight the Commoditization of Open Source Contributions
socket.dev
discuss
2 years ago
feross
13 points
41.
Slopsquatting: AI Hallucinations Fuel New Class of Supply Chain Attacks
socket.dev
2 comments
a year ago
adriand
12 points
42.
Supply Chain Attacks Targeting LLM Application Developers: The Hidden Dangers Of
socket.dev
2 comments
2 years ago
feross
12 points
43.
The Rise of Slopsquatting
socket.dev
4 comments
a year ago
andrewnez
11 points
44.
AI Slop Is Polluting Bug Bounty Platforms with Fake Vulnerability Reports
socket.dev
2 comments
a year ago
feross
11 points
45.
Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS
socket.dev
1 comment
a year ago
feross
11 points
46.
NIST's New Password Guidelines Will Eliminate Periodic Changes and Special
socket.dev
1 comment
2 years ago
feross
11 points
47.
Threat Actor Exposes Playbook for Exploiting NPM to Build Blockchain-Powered
socket.dev
discuss
2 years ago
feross
11 points
48.
Socket, an open source supply chain security platform
socket.dev
discuss
4 years ago
todsacerdoti
11 points
49.
Contagious Interview Campaign Escalates with 67 Malicious NPM Packages and New
socket.dev
3 comments
a year ago
feross
10 points
50.
The GitHub Infrastructure Powering North Korea's Contagious Interview NPM Attack
socket.dev
1 comment
7 months ago
giuliomagnifico
10 points
51.
Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains
socket.dev
discuss
4 months ago
jicea
10 points
52.
Wget to Wipeout: Malicious Go Modules Fetch Destructive Payload
socket.dev
discuss
a year ago
feross
10 points
53.
Laravel Lang Compromised with RCE Backdoor Across 700 Versions
socket.dev
1 comment
a month ago
csmantle
9 points
54.
Ongoing Supply Chain Attack Targets CrowdStrike NPM Packages
socket.dev
1 comment
9 months ago
TheCleric
9 points
55.
Free Software Foundation Goes to Bat for AGPL in Amicus Brief Criticizing
socket.dev
1 comment
a year ago
feross
9 points
56.
Redis License Shift Splits Community: Open-Source Contributors Move to Fork
socket.dev
1 comment
2 years ago
feross
9 points
57.
Node.js Community Debate Intensifies over Potentially Unbundling NPM
socket.dev
discuss
2 years ago
feross
9 points
58.
New Website "Is It FOSS?" Tracks Transparency in Open Source Distribution
socket.dev
1 comment
10 months ago
feross
8 points
59.
AI Slop Is Polluting Bug Bounty Platforms with Fake Vulnerability Reports
socket.dev
1 comment
a year ago
Marceltan
8 points
60.
Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains
socket.dev
discuss
4 months ago
feross
8 points