Hacker Newsnew | past | comments | ask | show | jobs | submit | from login

Socket Has Acquired Secure Annex (socket.dev) 3 points by ilreb 2 hours ago | past | discuss Namastex.ai NPM Packages Hit with TeamPCP-Style CanisterWorm Malware (socket.dev) 1 point by My_Name 1 day ago | past | discuss Open VSX Sleeper Extensions Linked to GlassWorm Show New Malware Activations (socket.dev) 1 point by salkahfi 3 days ago | past | discuss Introducing Data Exports (socket.dev) 1 point by ilreb 4 days ago | past | discuss Malicious Checkmarx Artifacts Found in Official KICS Docker Repository (socket.dev) 1 point by darkwater 5 days ago | past | discuss Bitwarden CLI compromised in ongoing Checkmarx supply chain campaign (socket.dev) 869 points by tosh 5 days ago | past | 427 comments Malicious Checkmarx Artifacts Found in Official KICS Docker Repo and Code Ext (socket.dev) 3 points by orkj 5 days ago | past | discuss Malicious Checkmarx Artifacts Found in Official KICS Docker Repository (socket.dev) 4 points by justsomehuman 5 days ago | past | discuss 108 Chrome Extensions Linked to Data Exfiltration and Session Theft via C2 (socket.dev) 6 points by jbegley 14 days ago | past Axios Supply Chain Attack Reaches OpenAI macOS Signing Pipeline (socket.dev) 3 points by salkahfi 17 days ago | past | 1 comment North Korea's Contagious Interview Campaign Spreads Across 5 Ecosystems (socket.dev) 2 points by pier25 20 days ago | past Attackers Are Hunting High-Impact Node.js Maintainers with Social Engineering (socket.dev) 3 points by pier25 24 days ago | past | 2 comments Axios Maintainer Confirms Social Engineering Attack Behind NPM Compromise (socket.dev) 5 points by feross 25 days ago | past The Hidden Blast Radius of the Axios Compromise (socket.dev) 6 points by feross 26 days ago | past Supply Chain Attack on Axios Pulls Malicious Dependency from NPM (socket.dev) 2 points by dsr12 28 days ago | past TeamPCP Is Systematically Targeting Security Tools Across the OSS Ecosystem (socket.dev) 5 points by pier25 34 days ago | past Trivy Supply Chain Attack Expands to Compromised Docker Images (socket.dev) 5 points by feross 36 days ago | past | 3 comments Trivy under attack again: Widespread GitHub Actions tag compromise secrets (socket.dev) 250 points by jicea 37 days ago | past | 83 comments Trivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes (socket.dev) 3 points by tamnd 38 days ago | past | 1 comment CanisterWorm: NPM Publisher Compromise Deploys Backdoor Across 29 Packages (socket.dev) 3 points by pier25 38 days ago | past Widespread Trivvy GitHub Actions Tag Compromise Exposes CI/CD Secrets (socket.dev) 7 points by donutshop 39 days ago | past | 1 comment Enisa Technical Advisory on Secure Use of Package Managers (socket.dev) 6 points by pier25 39 days ago | past Malicious NPM Packages Use Pastebin Steganography to Deploy Credential Stealer (socket.dev) 2 points by feross 59 days ago | past Malicious Go "Crypto" Module Steals Passwords and Deploys Rekoobe Backdoor (socket.dev) 3 points by feross 60 days ago | past Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains (socket.dev) 10 points by jicea 65 days ago | past Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains (socket.dev) 8 points by feross 66 days ago | past Socket brings supply chain security to skills.sh (socket.dev) 2 points by ryoidong 68 days ago | past AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach (socket.dev) 3 points by puppion 69 days ago | past AI Agent Lands PRs in Major OSS Projects (socket.dev) 1 point by bradyholt 70 days ago | past AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach (socket.dev) 2 points by choult 72 days ago | past More

Consider applying for YC's Summer 2026 batch! Applications are open till May 4 Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact Search: