Heykuki News
121.
PyPI on Ultralytics Supply Chain Attack: Poor CI/CD Practices to Blame, No
(socket.dev)
4 points
feross
a year ago
1 comment
122.
Malicious Maven Package Impersonating 'XZ for Java' Library Introduces Backdoor
(socket.dev)
4 points
feross
2 years ago
1 comment
123.
New Axobject-Query Maintainer Faces Backlash over PR to Support Node.js 0.4
(socket.dev)
4 points
mmastrac
2 years ago
1 comment
124.
New Research Shows Teams of LLM Agents Can Autonomously Exploit Zero-Day
(socket.dev)
4 points
feross
2 years ago
1 comment
125.
The Alarming NVD Backlog: Over 50% of Known Exploited Vulnerabilities Await
(socket.dev)
4 points
feross
2 years ago
1 comment
126.
Active Supply Chain Attack Compromises Antv Packages on NPM
(socket.dev)
4 points
882542F3884314B
25 days ago
discuss
127.
Ruby Gems and Go Modules Impersonate Dev Tools to Steal Secrets and Poison CI
(socket.dev)
4 points
ilreb
a month ago
discuss
128.
Malicious Checkmarx Artifacts Found in Official KICS Docker Repository
(socket.dev)
4 points
justsomehuman
2 months ago
discuss
129.
Critical Security Vulnerability in React Server Components
(socket.dev)
4 points
feross
6 months ago
discuss
130.
Rust Support Now in Beta
(socket.dev)
4 points
feross
9 months ago
discuss
131.
Nx Investigation Reveals GitHub Actions Workflow Exploit Led to NPM Token Theft
(socket.dev)
4 points
feross
9 months ago
discuss
132.
Rspack Introduces Rslint, a TypeScript-First Linter Written in Go
(socket.dev)
4 points
feross
10 months ago
discuss
133.
Oxlint Introduces Type-Aware Linting Preview
(socket.dev)
4 points
feross
10 months ago
discuss
134.
NPM 'Is' Package Hijacked in Expanding Supply Chain Attack
(socket.dev)
4 points
croes
a year ago
discuss
135.
Knip Hits 500 Releases with v5.62.0, Improving TypeScript Config Detection and
(socket.dev)
4 points
feross
a year ago
discuss
136.
ECMAScript 2025 Finalized with Iterator Helpers, Set Methods, RegExp.escape, and
(socket.dev)
4 points
feross
a year ago
discuss
137.
Protestware in JavaScript UI Toolkits on NPM Target Russian Language Sites
(socket.dev)
4 points
feross
a year ago
discuss
138.
Node.js Moves Toward Stable TypeScript Support with Amaro 1.0
(socket.dev)
4 points
feross
a year ago
discuss
139.
Malicious Koishi Chatbot Plugin Exfiltrates Messages Triggered by 8-Character
(socket.dev)
4 points
feross
a year ago
discuss
140.
Backdooring the IDE: Malicious NPM Packages Hijack Cursor Editor on macOS
(socket.dev)
4 points
gnabgib
a year ago
discuss
141.
Go Support Is Now Generally Available
(socket.dev)
4 points
feross
a year ago
discuss
142.
Vlt Launches Real-Time Dependency Analysis Powered by Socket
(socket.dev)
4 points
feross
a year ago
discuss
143.
Oxlint Now in Beta with 500 Built-In Rules and 2X Faster JavaScript Linting
(socket.dev)
4 points
feross
a year ago
discuss
144.
New PyPI Malware 'Set-Utils' Exfiltrates Ethereum Private Keys Through
(socket.dev)
4 points
feross
a year ago
discuss
145.
Bybit Hack Puts Crypto Losses at $1.6B, Surpassing All of Last Year in Just Two
(socket.dev)
4 points
feross
a year ago
discuss
146.
Opengrep Emerges as Open Source Alternative Amid Semgrep Licensing Controversy
(socket.dev)
4 points
feross
a year ago
discuss
147.
Gmail for Exfiltration: Malicious NPM Packages Target Solana Private Keys and
(socket.dev)
4 points
feross
a year ago
discuss
148.
Quasar RAT Disguised as an NPM Package for Detecting Vulnerabilities in Ethereum
(socket.dev)
4 points
feross
a year ago
discuss
149.
The Business of Ransomware: Insights from Reddit AMA with Ransomware
(socket.dev)
4 points
feross
a year ago
discuss
150.
Malicious NPM Packages Inject SSH Backdoors via Typosquatted Libraries
(socket.dev)
4 points
feross
2 years ago
discuss