Heykuki News
211.
NPM Phishing Email Targets Developers with Typosquatted Domain
socket.dev
a year ago
feross
3 points
212.
Open Source Maintainers Feeling the Weight of the EU's Cyber Resilience Act
socket.dev
a year ago
feross
3 points
213.
Crates.io Implements Trusted Publishing Support
socket.dev
a year ago
feross
3 points
214.
Socket at Black Hat and DEF CON 2025 in Las Vegas
socket.dev
a year ago
feross
3 points
215.
Browserslist-Rs Gets Major Refactor, Cutting Binary Size by over 1MB
socket.dev
a year ago
feross
3 points
216.
Malicious Python Package Typosquats Popular Passlib Library, Shuts Down Windows
socket.dev
a year ago
feross
3 points
217.
Pnpm 10.12 Introduces Global Virtual Store and Expanded Version Catalogs
socket.dev
a year ago
feross
3 points
218.
Malicious Ruby Gems Exfiltrate Telegram Tokens, Messages Following Vietnam Ban
socket.dev
a year ago
campuscodi
3 points
219.
Malicious NPM Package Wipes Codebases with Remote Trigger
socket.dev
a year ago
feross
3 points
220.
Malicious NPM Packages
socket.dev
a year ago
Tomte
3 points
221.
Malicious NPM Packages Use Telegram to Exfiltrate BullX Credentials
socket.dev
a year ago
feross
3 points
222.
Wget to Wipeout: Malicious Go Modules Fetch Destructive Payload
socket.dev
a year ago
6581
3 points
223.
A New Overview in Our Dashboard
socket.dev
a year ago
feross
3 points
224.
Module Reachability: Focus on the Vulnerabilities That Matter
socket.dev
a year ago
feross
3 points
225.
The Bad Seeds: Malicious NPM and PyPI Packages Pose as Developer Tools to Steal
socket.dev
a year ago
feross
3 points
226.
Malicious NPM Package Disguised as Advcash Integration Triggers Reverse Shell
socket.dev
a year ago
feross
3 points
227.
Malicious PyPI Package Targets WooCommerce Stores with Automated Carding Attacks
socket.dev
a year ago
feross
3 points
228.
OpenGrep Restores Fingerprinting in JSON and SARIF Outputs
socket.dev
a year ago
feross
3 points
229.
NVD Concedes Inability to Keep Pace with Surging CVE Disclosures in 2025
socket.dev
a year ago
feross
3 points
230.
GitHub Actions Supply Chain Attack Puts Projects at Risk
socket.dev
a year ago
feross
3 points
231.
Tick Tock, Your Credentials Are Gone: The Maven Package with a Monthly Theft
socket.dev
a year ago
feross
3 points
232.
The Pair Program Podcast: Feross Aboukhadijeh on Preserving Trust in Open Source
socket.dev
a year ago
feross
3 points
233.
Malicious Go Package Exploits Go Module Proxy Caching for Persistence
socket.dev
a year ago
feross
3 points
234.
OpenSSF Launches Open Source Project Security Baseline to Strengthen Software
socket.dev
a year ago
feross
3 points
235.
Malicious PyPI Package Exploits Deezer API for Coordinated Music Piracy
socket.dev
a year ago
feross
3 points
236.
Create React App Officially Deprecated Amid React 19 Compatibility Issues
socket.dev
a year ago
feross
3 points
237.
Maven Central Adds Sigstore Signature Validation
socket.dev
a year ago
feross
3 points
238.
PyPI's New Archival Feature Closes a Major Security Gap
socket.dev
a year ago
feross
3 points
239.
Node.js EOL Versions CVE Dubbed the Worst CVE of the Year by Security Experts
socket.dev
a year ago
feross
3 points
240.
Malicious PyPI Package 'Pycord-Self' Targets Discord Developers with Token Theft
socket.dev
a year ago
feross
3 points