Socket on HN

148 posts with 1+ points in 2024

Hacker News Posts
Title Points Comments Date
The Everything NPM Package 192 -- 2024-01-06
The push to ban ransom payments is gaining momentum 127 -- 2024-05-22
German Court Fines Security Researcher for Reporting Company's Vulnerabilities 77 -- 2024-01-23
OpenJS: "XZ Utils Cyberattack Likely Not an Isolated Incident" 65 -- 2024-04-17
Unverified NPM Account Takeover Vulnerability for Sale on Dark Web Forum 53 -- 2024-07-06
Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack 42 -- 2024-06-26
Automated Spam Campaign Floods GitHub/NPM with 1000s of Garbage Packages 25 -- 2024-07-12
New Rust RFC Proposes Adding Support for Trusted Publishing to Crates.io 24 -- 2024-09-12
New Proposed CISA Mandate Would Require Critical Infrastructure to Report Ransom 19 -- 2024-03-29
Supply Chain Attack Detected in Solana/Web3.js Library 17 -- 2024-12-03
Express.js Spam PRs Highlight the Commoditization of Open Source Contributions 13 -- 2024-02-13
Supply Chain Attacks Targeting LLM Application Developers: The Hidden Dangers Of 12 -- 2024-10-24
NIST's New Password Guidelines Will Eliminate Periodic Changes and Special 11 -- 2024-09-26
Threat Actor Exposes Playbook for Exploiting NPM to Build Blockchain-Powered 11 -- 2024-11-19
Redis License Shift Splits Community: Open-Source Contributors Move to Fork 9 -- 2024-03-27
Node.js Community Debate Intensifies over Potentially Unbundling NPM 9 -- 2024-02-08
"Valkey" Open Source Redis Fork Backed by Linux Foundation, Amazon, Google 8 -- 2024-03-29
Judicious JSON 8 -- 2024-01-04
Over 20,000 backdoored NPM, PyPI, and Go packages detected by Socket 7 -- 2024-03-30
CISA Announces Initiative to Fortify Security of Open Source Package Registries 6 -- 2024-03-07
The Unpaid Backbone of Open Source: Solo Maintainers Face Increasing Security 5 -- 2024-09-23
New Axobject-Query Maintainer Faces Backlash over Controversial Decision To 5 -- 2024-06-25
Researchers Uncover NPM Registry Vulnerability to Cache Poisoning and DoS 5 -- 2024-06-15
Threat Actors Are Abusing GitHub's File Upload Feature to Host Malware 5 -- 2024-04-23
Rubygems.org Adds New Maintainer Role 5 -- 2024-11-13
Packaging Trends in Python: Highlights from the 2023 Developer Survey 5 -- 2024-09-03
Uv: Python's New High-Speed Package Manager Promises to Simplify Tooling 5 -- 2024-08-28
PyPI Slashes Malware Response Time: 90% of Issues Resolved in Under 24 … 5 -- 2024-08-21
Node.js Takes Steps Towards Removing Corepack 5 -- 2024-08-08
Ua-Parser-JS Drops MIT License, Adopts AGPLv3 and Pro Dual Licensing Model 5 -- 2024-06-18
Mobile, Alabama Hospital Refuses to Pay Settlement in Landmark Ransomware Death 5 -- 2024-05-30
Sonar to Acquire Tidelift, Scaling Open Source Maintainer Support 5 -- 2024-12-18
New Research Shows Teams of LLM Agents Can Autonomously Exploit Zero-Day 4 -- 2024-06-11
The Alarming NVD Backlog: Over 50% of Known Exploited Vulnerabilities Await 4 -- 2024-05-24
ESLint Is Now Language-Agnostic: Linting JSON, Markdown, and Beyond 4 -- 2024-10-04
NIST Misses 2024 Deadline to Clear NVD Backlog 4 -- 2024-10-01
3.7M Fake GitHub Stars: A Growing Threat Linked to Scams and Malware 4 -- 2024-08-27
Understanding the Risks of Trivial Packages in Modern Software Projects 4 -- 2024-08-22
Pnpm 9.5 Introduces Catalogs: Shareable Dependency Version Specifiers 4 -- 2024-07-08
OpenSSF Warns of Reputation Farming Leveraging Closed GitHub Issues and PRs 4 -- 2024-06-26
Python Software Foundation Announces 5-Year Sponsorship Commitment from Fastly 4 -- 2024-05-17
SSO 4 -- 2024-04-30
JSR Now in Public Beta, Aims to Shift Community Towards Using ESM … 4 -- 2024-03-05
Hackers are using package managers as vectors for deploying coinminer malware 4 -- 2024-01-05
Malicious NPM Packages Inject SSH Backdoors via Typosquatted Libraries 4 -- 2024-11-22
Stanford Study Finds 9.5% of Engineers Do Almost Nothing 4 -- 2024-11-27
Malicious Maven Package Impersonating 'XZ for Java' Library Introduces Backdoor 4 -- 2024-12-06
Supply Chain Attack on NPM Packages Injects Cryptojacking Malware 4 -- 2024-12-19
PyPI on Ultralytics Supply Chain Attack: Poor CI/CD Practices to Blame, No 4 -- 2024-12-14
The Business of Ransomware: Insights from Reddit AMA with Ransomware 4 -- 2024-12-17
Quasar Rat Disguised as an NPM Package for Detecting Vulnerabilities in Ethereum 4 -- 2024-12-20
Socket secures $40M to combat next-generation software supply chain attacks 3 -- 2024-10-22
2023 State of JavaScript Survey Highlights: Vite Dominates, TypeScript Adoption 3 -- 2024-06-23
Malicious NPM Package Exploits WhatsApp Authentication with Remote Kill Switch 3 -- 2024-11-15
NPM Malware Campaign Leverages Ethereum Smart Contracts to Evade 3 -- 2024-11-01
Dutch National Police Disrupt Redline and Meta Malware Operations 3 -- 2024-10-29
Ruby Support in Socket 3 -- 2024-10-21
Socket Optimize – CLI to override dependencies with tested, optimized versions 3 -- 2024-10-16
Typosquatting on PyPI: Malicious Package Mimics Popular 'Browser-Cookie3' 3 -- 2024-10-11
White House Cybersecurity Advisor Calls for Ban on Using Insurance Claims For 3 -- 2024-10-08
Cloudflare Adds Security.txt Setup Wizard 3 -- 2024-09-30
Malicious "express-dompurify" NPM Package Steals Browser and Cryptocurrency 3 -- 2024-09-27
Enisa 2024 Threat Landscape Report Warns of Increasing State-Sponsored Supply 3 -- 2024-09-27
Highlights from the 2024 Rails Community Survey 3 -- 2024-09-25
Combatting Alert Fatigue by Prioritizing Malicious Intent 3 -- 2024-09-23
Understanding License Exceptions: What Developers Need to Know 3 -- 2024-09-20
Developer Accuses Tencent of Copyright Violation After Python Utility's License 3 -- 2024-09-18
The Socket Python SDK 3 -- 2024-09-13
Python Software Foundation Expands CNA Scope to Include Pallets Projects 3 -- 2024-09-09
Developers Burned by Elasticsearch's License Change Aren't Going Back, Despite 3 -- 2024-09-06
Socket Protects Against Revival Hijacking Attacks on PyPI 3 -- 2024-09-06
Dashboard Analytics 3 -- 2024-09-05
OpenSSF 75% of New Developers Lack Secure Software Skills Amid Rising 3 -- 2024-09-03
Malicious 'Akiraa-Wb' NPM Package Exfiltrates Files to External Services Via 3 -- 2024-08-20
Node.js Doubles Security Releases with Newly Automated Process, Re-Evaluates 3 -- 2024-08-17
New Socket Web Extension, Take Socket with You 3 -- 2024-08-14
New Default Security Policies 3 -- 2024-08-14
White House Report Highlights Persistent Challenges and Urgent Needs in Open 3 -- 2024-08-13
Adoption of Trusted Publishers Growing Among Open Source Package Repositories 3 -- 2024-08-06
Node-IP Maintainer Restores GitHub Repo After Archiving Due to Overblown CVE 3 -- 2024-07-11
DOJ Cracks Down on Federal Contractors for Failing to Meet Cybersecurity 3 -- 2024-06-19
TC39 June 2024 Meeting Roundup: 8 Proposals Advanced to Next Stages 3 -- 2024-06-13
Trojan Embedded in Crytic-Compilers Python Package Targets Blockchain Utility 3 -- 2024-06-05
NIST Announces Major Contract to Clear NVD Backlog by September 3 -- 2024-06-04
ESLint Approves RFC to Add Support for TypeScript Config Files 3 -- 2024-05-25
OSI to Lead Discussions on Navigating the Challenges of Doing Business with … 3 -- 2024-04-12
Node.js TSC Confirms: No Intention to Remove NPM from Distribution 3 -- 2024-03-22
NVD Halts CVE Enrichment 3 -- 2024-03-19
OpenJS Launches New Collaboration to Improve Interoperability of JavaScript 3 -- 2024-02-27
JSR: What We Know So Far About Deno's New JavaScript Package Registry 3 -- 2024-02-24
Risky Business Podcast: Why Open Source Software Needs Better Malware Tracking 3 -- 2024-11-20
Malicious NPM Package Typosquats Popular TypeScript ESLint Plugin, Exfiltrates 3 -- 2024-12-11
Is Running Random Code from NPM Safe? 2 -- 2024-01-03
The AI Advantage: Reshaping Cybersecurity in the Age of Autonomous Threats 2 -- 2024-04-25
GitHub Activates Push Protection by Default After Detecting over 1M 2 -- 2024-03-04
The biggest package on npm is 5.96 GB 2 -- 2024-01-10
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories 2 -- 2024-11-13
Node.js Implements Stricter Policies for Semver-Major Pull Requests Ahead Of 2 -- 2024-11-08
Socket Recognized for Second Consecutive Year on Fortune Cyber 60 List 2 -- 2024-10-30
Noxia: Emerging Dark Web Hosting Provider Targets Python, Node.js, Go, and Rust 2 -- 2024-10-23
License Enforcement in Socket 2 -- 2024-10-17
Nightmares on NPM: How 2 Malicious Packages Facilitate Data Theft and Destruction 2 -- 2024-10-10
TC39 Advances 10 ECMAScript Proposals: Key Features to Watch 2 -- 2024-10-09
A Large-Scale Campaign to Artificially Boost Discord Server Metrics 2 -- 2024-10-04
Mitre Marks Major Milestone, Minting 400 CNAs as NVD Backlog Grows 2 -- 2024-08-14
Understanding the Security Concerns of NPM Shrinkwrap 2 -- 2024-08-09
Squarespace Domain Hijacks Enabled by Email Address Exploit on Migrated Accounts 2 -- 2024-07-16
Cyber Extortion Demands Skyrocket in 2023 While Fewer Companies Pay Ransoms 2 -- 2024-06-13
TC39 Advances Key Proposals: Deferred Import Evaluation, Error.isError(), RegExp 2 -- 2024-06-12
White House to Tackle Cybersecurity Regulation Fragmentation: CISOs Spend Up To 2 -- 2024-06-06
New Report Warns of LLM-Enhanced Cyber Threats: Polymorphic Malware, Customer 2 -- 2024-05-29
SEC Cracks Down on Unreported Data Breaches with New 30-Day Disclosure 2 -- 2024-05-21
LDAPjs Open Source Project Decommissioned After Maintainer Receives Abusive 2 -- 2024-05-17
CISA Launches Vulnrichment Project as NVD Backlog Hits 10k 2 -- 2024-05-10
Socket Partners with CISA to Champion 'Secure by Design' Standards 2 -- 2024-05-09
Risky Biz Podcast: How Shifts in Open Source Made It a Prime … 2 -- 2024-05-01
NPM Package for ReExt React Components Library Exfiltrates Git Credentials 2 -- 2024-04-18
Connect with Socket at RSA and BSidesSF 2024 2 -- 2024-04-15
Major Open Source Foundations Form Initiative Aimed at Building CRA-Compliant 2 -- 2024-04-04
Software Supply Chain Compromise Now the Top Threat of the Next Half … 2 -- 2024-04-02
How to Use Socket to Find Out If You Were Affected by … 2 -- 2024-03-31
Enhanced Security Scanning with Improved AI Alert Defaults 2 -- 2024-03-25
Alphv/BlackCat Fakes Law Enforcement Takedown to Scam Affiliates 2 -- 2024-03-06
Judicious JSON – Ultimate Guide to JSON 2 -- 2024-03-01
U.S. Sanctions LockBit Ransomware Affiliates, Law Enforcement Seizes Operations 2 -- 2024-02-22
Malicious NPM Package Targeting Roblox Users for Data Theft 2 -- 2024-02-06
$20M Series A to Secure Open Source Software 2 -- 2024-01-09
Input Validation Vulnerabilities Dominate MITRE's 2024 CWE Top List 2 -- 2024-11-22
NPM Updates Search Experience with New Objective Sorting Options 2 -- 2024-12-05
Typosquatting Cryptographic Libraries: Malicious NPM Packages Threaten Crypto 2 -- 2024-12-01
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on NPM 2 -- 2024-12-12
UnitedHealth Group Discloses Protected Health Information Compromised For 1 -- 2024-04-24
New Tea.xyz Crypto Spam Targets Open Source Projects on GitHub 1 -- 2024-03-06
Recent Trends in Malicious Packages Targeting Discord 1 -- 2024-05-08
AI and A16Z Podcast: Combatting Modern Supply Chain Attacks with AI 1 -- 2024-05-07
NIST Drafts New Security Framework to Tackle Emerging Risks of Generative AI 1 -- 2024-05-03
The Dark Side of Open Source 1 -- 2024-04-19
Dependency Visualization: An Interactive Way to See Dependencies At 1 -- 2024-04-11
Chinchilla Squeaks Podcast: Modern Solutions for Securing Software Supply Chains 1 -- 2024-04-09
NVD Remains Stalled on Enriching CVE's, Security Industry Criticizes NIST's 1 -- 2024-04-03
U.S. Government Budget Proposal Seeks Major Increase to Cybersecurity Funding In 1 -- 2024-03-14
Node Congress Speaker Showcase: Interview with Feross Aboukhadijeh 1 -- 2024-03-08
Interview on the Daytona DotFiles Insider Blog 1 -- 2024-02-28
LockBit Dubbed "Cyber Crime Unicorn" After Reports Estimate $1B+ in Stolen Funds 1 -- 2024-02-27
Protect Your Projects from the Risks of Deprecated NPM Packages 1 -- 2024-02-01
A Short History of Protestware 1 -- 2024-01-16
'Blank Grabber' Python Package Steals Info from Discord and Telegram 1 -- 2024-01-09
Orbit Bridge Hackers Drain $81M in Crypto Assets 1 -- 2024-01-04