Hacker Newsnew | past | comments | ask | show | jobs | submit | from login

Laravel Lang Compromised with RCE Backdoor Across 700 Versions (socket.dev) 4 points by gpi 7 hours ago | past | discuss Malicious Postinstall Hook Found in 700 GitHub Repos, Including Node Projects (socket.dev) 15 points by 882542F3884314B 9 hours ago | past | 4 comments Socket raises $60M Series C at $1B valuation (socket.dev) 3 points by slymax 1 day ago | past | discuss Active Supply Chain Attack Compromises Antv Packages on NPM (socket.dev) 4 points by 882542F3884314B 4 days ago | past | discuss Popular node-ipc NPM Package Infected with Credential Stealer (socket.dev) 3 points by csmantle 8 days ago | past | discuss Fsnotify Maintainer Dispute Sparks Supply Chain Concerns (socket.dev) 1 point by elashri 10 days ago | past | discuss TanStack NPM Packages Compromised in Ongoing Mini Shai-Hulud Supply-Chain Attack (socket.dev) 2 points by croes 11 days ago | past | 1 comment Tanstack NPM Packages Compromised in Ongoing Supply-Chain Attack (socket.dev) 6 points by pier25 11 days ago | past | 1 comment PyPI Fixes High-Severity Access Control Issues Found in Security Audit (socket.dev) 1 point by feross 21 days ago | past Ruby Gems and Go Modules Impersonate Dev Tools to Steal Secrets and Poison CI (socket.dev) 4 points by ilreb 22 days ago | past SAP Cap NPM Packages Hit by Supply Chain Attack (socket.dev) 2 points by salkahfi 23 days ago | past Socket Has Acquired Secure Annex (socket.dev) 3 points by ilreb 24 days ago | past Namastex.ai NPM Packages Hit with TeamPCP-Style CanisterWorm Malware (socket.dev) 1 point by My_Name 26 days ago | past Open VSX Sleeper Extensions Linked to GlassWorm Show New Malware Activations (socket.dev) 1 point by salkahfi 28 days ago | past Introducing Data Exports (socket.dev) 1 point by ilreb 29 days ago | past Malicious Checkmarx Artifacts Found in Official KICS Docker Repository (socket.dev) 1 point by darkwater 29 days ago | past Bitwarden CLI compromised in ongoing Checkmarx supply chain campaign (socket.dev) 872 points by tosh 29 days ago | past | 431 comments Malicious Checkmarx Artifacts Found in Official KICS Docker Repo and Code Ext (socket.dev) 3 points by orkj 30 days ago | past Malicious Checkmarx Artifacts Found in Official KICS Docker Repository (socket.dev) 4 points by justsomehuman 30 days ago | past 108 Chrome Extensions Linked to Data Exfiltration and Session Theft via C2 (socket.dev) 6 points by jbegley 39 days ago | past Axios Supply Chain Attack Reaches OpenAI macOS Signing Pipeline (socket.dev) 3 points by salkahfi 42 days ago | past | 1 comment North Korea's Contagious Interview Campaign Spreads Across 5 Ecosystems (socket.dev) 2 points by pier25 45 days ago | past Attackers Are Hunting High-Impact Node.js Maintainers with Social Engineering (socket.dev) 3 points by pier25 49 days ago | past | 2 comments Axios Maintainer Confirms Social Engineering Attack Behind NPM Compromise (socket.dev) 5 points by feross 50 days ago | past The Hidden Blast Radius of the Axios Compromise (socket.dev) 6 points by feross 51 days ago | past Supply Chain Attack on Axios Pulls Malicious Dependency from NPM (socket.dev) 2 points by dsr12 53 days ago | past TeamPCP Is Systematically Targeting Security Tools Across the OSS Ecosystem (socket.dev) 5 points by pier25 59 days ago | past Trivy Supply Chain Attack Expands to Compromised Docker Images (socket.dev) 5 points by feross 61 days ago | past | 3 comments Trivy under attack again: Widespread GitHub Actions tag compromise secrets (socket.dev) 250 points by jicea 62 days ago | past | 83 comments Trivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes (socket.dev) 3 points by tamnd 63 days ago | past | 1 comment More

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact Search: