Heykuki News
1.
Malicious NPM package pino-SDK-v2 exfiltrates .env secrets to Discord
2 points
Sudhanshu2310
3 months ago
1 comment
2.
Mini Shai-Hulud Strikes Again: 314 npm Packages Compromised
(safedep.io)
389 points
theanonymousone
18 days ago
310 comments
3.
Mass NPM Supply Chain Attack Hits TanStack, Mistral AI, and 170 Packages
(safedep.io)
18 points
birdculture
25 days ago
2 comments
4.
Megalodon: Mass GitHub Repo Backdooring via CI Workflows
(safedep.io)
17 points
Sudhanshu2310
15 days ago
discuss
5.
Axios 1.14.1 and 0.30.4 Compromised via Stolen Maintainer Account on NPM
(safedep.io)
8 points
birdculture
2 months ago
discuss
6.
Dynamic Malware Analysis of Open Source Packages at Scale
(safedep.io)
8 points
abhisek
a year ago
discuss
7.
ESLint-Config-Prettier Compromised
(safedep.io)
7 points
danielskogly
10 months ago
discuss
8.
Team PCP Strikes again – `telnyx` on PyPI gets compromised
(safedep.io)
5 points
Sahil121
2 months ago
discuss
9.
Megalodon: Mass GitHub Repo Backdooring via CI Workflows
(safedep.io)
4 points
LaSombra
15 days ago
discuss
10.
The software supply chain has a new problem: AI agents
(safedep.io)
4 points
Sudhanshu2310
3 months ago
discuss
11.
Curious Case of Embedded Executable in a Newly Introduced Transitive Dependency
(safedep.io)
4 points
abhisek
7 months ago
discuss
12.
Someone compromised SAP's NPM packages and used the CI pipeline against itself
(safedep.io)
3 points
birdculture
a month ago
discuss
13.
Agent Skills Threat Model
(safedep.io)
3 points
abhisek
4 months ago
discuss
14.
Malicious NPM Package Impersonating Popular Express Cookie Parser
(safedep.io)
3 points
Tomte
a year ago
discuss
15.
SafeDep Vet - Open Source software supply chain dependency risks
(safedep.io)
2 points
madhuakula
3 years ago
2 comments
16.
Compromised telnyx on PyPI
(safedep.io)
2 points
jruohonen
2 months ago
1 comment
17.
Megalodon: Mass GitHub Repo Backdooring via CI Workflows
(safedep.io)
2 points
pabs3
14 days ago
discuss
18.
Mass Supply Chain Attack Hits TanStack, Mistral AI NPM and PyPI Packages
(safedep.io)
2 points
patching-trowel
24 days ago
discuss
19.
Mass Supply Chain Attack Hits TanStack, Mistral AI NPM and PyPI Packages
(safedep.io)
2 points
ezekg
25 days ago
discuss
20.
Fairwords NPM packages compromised by credential worm stealing tokens and
(safedep.io)
2 points
birdculture
2 months ago
discuss
21.
Malicious Packages Targeting Strapi Plugin Ecosystem Being Actively Published
(safedep.io)
2 points
birdculture
2 months ago
discuss
22.
DarkGPT: Malicious Visual Studio Code Extension Targeting Developers
(safedep.io)
2 points
abhisek
6 months ago
discuss
23.
NPM Supply Chain Malware with Self-Replicating Behaviour
(safedep.io)
2 points
abhisek
9 months ago
discuss
24.
Tensorflow.js Typosquatting Attack: Malicious Package Targeting AI/ML Developers
(safedep.io)
2 points
abhisek
10 months ago
discuss
25.
Secure Vibe Coding with AI Agents
(safedep.io)
2 points
abhisek
10 months ago
discuss
26.
ESLint-config-prettier was compromised for 24 hours
(safedep.io)
2 points
h1fra
10 months ago
discuss
27.
Catching the Silent Threat: How Dynamic Analysis Revealed an NPM Attack Chain
(safedep.io)
2 points
abhisek
a year ago
discuss
28.
Why Open Source Risks Are Larger Than Only Software Composition Analysis
(safedep.io)
2 points
abhisek
2 years ago
discuss
29.
Typosquat alert: Malicious NPM Package: NYC-config
(safedep.io)
1 point
abhisek
a year ago
1 comment
30.
Enforcing Dependency Cooldowns with CEL's Now() – Block Recent Package
(safedep.io)
1 point
birdculture
2 months ago
discuss