Heykuki News
31.
Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching For
(socket.dev)
17 points
feross
a year ago
3 comments
32.
Go Supply Chain Attack: Malicious Package Exploits Go Module
(socket.dev)
17 points
bamazizi
a year ago
discuss
33.
Supply Chain Attack Detected in Solana/Web3.js Library
(socket.dev)
17 points
feross
2 years ago
discuss
34.
AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach
(socket.dev)
16 points
cdrnsf
4 months ago
1 comment
35.
$4.6M Series Seed to defend open source from supply chain attacks
(socket.dev)
14 points
feross
4 years ago
3 comments
36.
NPM 'Is' Package Hijacked in Expanding Supply Chain Attack
(socket.dev)
14 points
feross
a year ago
discuss
37.
Open Source Maintainers Demand Ability to Block Copilot-Generated Issues and PRs
(socket.dev)
14 points
gpi
a year ago
discuss
38.
Researcher Exposes 0-Day Clickjacking Vulnerabilities in Major Password Managers
(socket.dev)
13 points
gpi
10 months ago
5 comments
39.
Socket AI – Scan every NPM and PyPI package for malware with ChatGPT
(socket.dev)
13 points
feross
3 years ago
1 comment
40.
Express.js Spam PRs Highlight the Commoditization of Open Source Contributions
(socket.dev)
13 points
feross
2 years ago
discuss
41.
Slopsquatting: AI Hallucinations Fuel New Class of Supply Chain Attacks
(socket.dev)
12 points
adriand
a year ago
2 comments
42.
Supply Chain Attacks Targeting LLM Application Developers: The Hidden Dangers Of
(socket.dev)
12 points
feross
2 years ago
2 comments
43.
The Rise of Slopsquatting
(socket.dev)
11 points
andrewnez
a year ago
4 comments
44.
AI Slop Is Polluting Bug Bounty Platforms with Fake Vulnerability Reports
(socket.dev)
11 points
feross
a year ago
2 comments
45.
Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS
(socket.dev)
11 points
feross
a year ago
1 comment
46.
NIST's New Password Guidelines Will Eliminate Periodic Changes and Special
(socket.dev)
11 points
feross
2 years ago
1 comment
47.
Threat Actor Exposes Playbook for Exploiting NPM to Build Blockchain-Powered
(socket.dev)
11 points
feross
2 years ago
discuss
48.
Socket, an open source supply chain security platform
(socket.dev)
11 points
todsacerdoti
4 years ago
discuss
49.
Contagious Interview Campaign Escalates with 67 Malicious NPM Packages and New
(socket.dev)
10 points
feross
a year ago
3 comments
50.
The GitHub Infrastructure Powering North Korea's Contagious Interview NPM Attack
(socket.dev)
10 points
giuliomagnifico
6 months ago
1 comment
51.
Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains
(socket.dev)
10 points
jicea
4 months ago
discuss
52.
Wget to Wipeout: Malicious Go Modules Fetch Destructive Payload
(socket.dev)
10 points
feross
a year ago
discuss
53.
Laravel Lang Compromised with RCE Backdoor Across 700 Versions
(socket.dev)
9 points
csmantle
21 days ago
1 comment
54.
Ongoing Supply Chain Attack Targets CrowdStrike NPM Packages
(socket.dev)
9 points
TheCleric
9 months ago
1 comment
55.
Free Software Foundation Goes to Bat for AGPL in Amicus Brief Criticizing
(socket.dev)
9 points
feross
a year ago
1 comment
56.
Redis License Shift Splits Community: Open-Source Contributors Move to Fork
(socket.dev)
9 points
feross
2 years ago
1 comment
57.
Node.js Community Debate Intensifies over Potentially Unbundling NPM
(socket.dev)
9 points
feross
2 years ago
discuss
58.
New Website "Is It FOSS?" Tracks Transparency in Open Source Distribution
(socket.dev)
8 points
feross
10 months ago
1 comment
59.
AI Slop Is Polluting Bug Bounty Platforms with Fake Vulnerability Reports
(socket.dev)
8 points
Marceltan
a year ago
1 comment
60.
Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains
(socket.dev)
8 points
feross
4 months ago
discuss