Hacker Newsnew | past | comments | ask | show | jobs | submit | abhisek's submissions login

1. Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit (cloud.google.com) 1 point by abhisek 10 days ago | past | discuss 2. Step by Step Analysis of Malicious NPM Package (safedep.io) 1 point by abhisek 50 days ago | past 3. OpenClaw bot calls out maintainer when its PR got rejected (crabby-rathbun.github.io) 1 point by abhisek 58 days ago | past 4. Show HN: Gryph – Audit Trail for AI Coding Agents (Claude Code, Cursor, Gemini) (github.com/safedep) 1 point by abhisek 69 days ago | past 5. Agent Skills Threat Model (safedep.io) 3 points by abhisek 77 days ago | past 6. Catching malicious package releases using a transparency log (trailofbits.com) 3 points by abhisek 3 months ago | past 7. CVE-2025-66491: Traefik's "Verify=on" Turned TLS Off (aisle.com) 1 point by abhisek 4 months ago | past 8. DarkGPT: Malicious Visual Studio Code Extension Targeting Developers (safedep.io) 2 points by abhisek 4 months ago | past 9. Exposing and Exploiting Incomplete Branch Predictor Isolation in Cloud (ethz.ch) 1 point by abhisek 4 months ago | past 10. KnownSec breach: What we know so far (substack.com) 1 point by abhisek 5 months ago | past 11. Buying browser extensions for fun and profit (secureannex.com) 3 points by abhisek 5 months ago | past | 1 comment 12. Curious Case of Embedded Executable in a Newly Introduced Transitive Dependency (safedep.io) 4 points by abhisek 5 months ago | past 13. NPM Supply Chain Malware with Self-Replicating Behaviour (safedep.io) 2 points by abhisek 6 months ago | past 14. Tensorflow.js Typosquatting Attack: Malicious Package Targeting AI/ML Developers (safedep.io) 2 points by abhisek 8 months ago | past 15. Secure Vibe Coding with AI Agents (safedep.io) 2 points by abhisek 8 months ago | past 16. ESLint-config-prettier: How NPM Package with 30M Downloads Spread Malware (safedep.io) 1 point by abhisek 8 months ago | past 17. Scavenger Malware Distributed via ESLint-Config-Prettier NPM Package Hack (invokere.com) 1 point by abhisek 8 months ago | past 18. Near Real-Time Stream of Open Source Packages Published to Public Registries (vetpkg.dev) 2 points by abhisek 8 months ago | past 19. Critical RCE Vulnerability in Anthropic MCP Inspector – CVE-2025-49596 (oligo.security) 5 points by abhisek 9 months ago | past | 1 comment 20. Ask HN: HN: Why do we code review? 2 points by abhisek 9 months ago | past | 2 comments 21. The PostgreSQL Locking Trap That Killed Our Production API (and How We Fixed It) (root.sigsegv.in) 2 points by abhisek 9 months ago | past 22. Show HN: Xbom – Generate AI and SaaS-Aware SBOMs from Code Using Static Analysis (github.com/safedep) 3 points by abhisek 9 months ago | past 23. Vet MCP: Software Composition Analysis for AI Code Editors (github.com/safedep) 1 point by abhisek 10 months ago | past 24. Catching the Silent Threat: How Dynamic Analysis Revealed an NPM Attack Chain (safedep.io) 2 points by abhisek 10 months ago | past 25. Kubernetes Limits Links to Third Party Projects (github.com/kubernetes) 2 points by abhisek 10 months ago | past 26. Sneaky Malware Hidden in Transitive Dependency of ESLint-config-Airbnb-compat (root.sigsegv.in) 3 points by abhisek 11 months ago | past 27. PMG: Wraps Package Managers to Prevent Installation of Malicious OSS Packages (github.com/safedep) 6 points by abhisek 11 months ago | past 28. Why Build Software Frameworks (root.sigsegv.in) 2 points by abhisek 11 months ago | past 29. AI Agents Are Here. So Are the Threats (paloaltonetworks.com) 1 point by abhisek 11 months ago | past 30. Dynamic Malware Analysis of Open Source Packages at Scale (safedep.io) 8 points by abhisek 11 months ago | past More

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact Search: