Heykuki News
1.
Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised
socket.dev
1019 comments
9 months ago
jamesberthoty
1233 points
2.
Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library
semgrep.dev
177 comments
2 months ago
j12y
465 points
3.
Malware developers added nuclear and biological weapons text to their spyware
twitter.com
238 comments
11 days ago
marc__1
459 points
4.
Show HN: Socket – Secure your JavaScript supply chain
socket.dev
42 comments
4 years ago
feross
133 points
5.
Show HN: Resource Index – FOSS Git Repository and NPM Package Index
res-index.hkit.cc
4 comments
2 years ago
aabbcc1241
14 points
6.
Show HN: Socket web extension – free NPM supply chain protection
chrome.google.com
6 comments
3 years ago
101arrowz
10 points
7.
Show HN: Aidevshield NPM audit for AI coding tool workflows
github.com/aidevshield
discuss
4 months ago
GrimLabs
1 point
8.
Bitwarden CLI compromised in ongoing Checkmarx supply chain campaign
socket.dev
432 comments
2 months ago
tosh
872 points
9.
Trivy under attack again: Widespread GitHub Actions tag compromise secrets
socket.dev
83 comments
3 months ago
jicea
250 points
10.
NPM to implement staged publishing after turbulent shift off classic tokens
socket.dev
125 comments
5 months ago
feross
205 points
11.
The Everything NPM Package
socket.dev
151 comments
2 years ago
defied
192 points
12.
The push to ban ransom payments is gaining momentum
socket.dev
166 comments
2 years ago
feross
127 points
13.
Social engineering campaign targeting tech employees spreads through NPM malware
socket.dev
87 comments
3 years ago
feross
114 points
14.
Active NPM supply chain attack: Tinycolor and 40 Packages Compromised
socket.dev
36 comments
9 months ago
feross
85 points
15.
German Court Fines Security Researcher for Reporting Company's Vulnerabilities
socket.dev
34 comments
2 years ago
ankitdce
77 points
16.
OpenJS: "XZ Utils Cyberattack Likely Not an Isolated Incident"
socket.dev
25 comments
2 years ago
feross
65 points
17.
What's Going on Inside Your Node_modules Folder?
socket.dev
33 comments
4 years ago
swyx
64 points
18.
Chinese devs are storing 1000s of eBooks on GitHub and NPM
socket.dev
12 comments
4 years ago
feross
62 points
19.
Unverified NPM Account Takeover Vulnerability for Sale on Dark Web Forum
socket.dev
4 comments
2 years ago
feross
53 points
20.
Prettier NPM Packages Compromised in Supply Chain Attack
socket.dev
7 comments
a year ago
feross
45 points
21.
Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack
socket.dev
9 comments
2 years ago
feross
42 points
22.
Curl Project and Go Security Teams Reject CVSS as Broken
socket.dev
10 comments
a year ago
feross
40 points
23.
AI Hallucinations Are Fueling a New Class of Supply Chain Attacks
socket.dev
6 comments
a year ago
sksxihve
31 points
24.
Gem.Coop – Community-Run Alternative to Rubygems.org, Led by Former Maintainers
socket.dev
3 comments
9 months ago
ciconia
30 points
25.
Libxml2 Maintainer Ends Embargoed Vulnerability Reports, Citing Unsustainable
socket.dev
8 comments
a year ago
feross
27 points
26.
DuckDB NPM Account Compromised in Continuing Supply Chain Attack
socket.dev
1 comment
9 months ago
feross
27 points
27.
Automated Spam Campaign Floods GitHub/NPM with 1000s of Garbage Packages
socket.dev
4 comments
2 years ago
feross
25 points
28.
New Rust RFC Proposes Adding Support for Trusted Publishing to Crates.io
socket.dev
13 comments
2 years ago
feross
24 points
29.
New Proposed CISA Mandate Would Require Critical Infrastructure to Report Ransom
socket.dev
1 comment
2 years ago
feross
19 points
30.
Malicious Postinstall Hook Found in 700 GitHub Repos, Including Node Projects
socket.dev
4 comments
a month ago
882542F3884314B
18 points