Socket on HN

137 posts with 1+ points in 2025

Hacker News Posts
Title Points Comments Date
Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised 1,231 -- 2025-09-16
Active NPM supply chain attack: Tinycolor and 40 Packages Compromised 85 -- 2025-09-15
Prettier NPM Packages Compromised in Supply Chain Attack 45 -- 2025-07-19
Curl Project and Go Security Teams Reject CVSS as Broken 40 -- 2025-01-24
AI Hallucinations Are Fueling a New Class of Supply Chain Attacks 31 -- 2025-04-12
Gem.Coop – Community-Run Alternative to Rubygems.org, Led by Former Maintainers 30 -- 2025-10-06
Libxml2 Maintainer Ends Embargoed Vulnerability Reports, Citing Unsustainable 27 -- 2025-06-18
DuckDB NPM Account Compromised in Continuing Supply Chain Attack 27 -- 2025-09-09
Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching For 17 -- 2025-02-04
Open Source Maintainers Demand Ability to Block Copilot-Generated Issues and PRs 14 -- 2025-05-20
NPM 'Is' Package Hijacked in Expanding Supply Chain Attack 14 -- 2025-07-22
Researcher Exposes 0-Day Clickjacking Vulnerabilities in Major Password Managers 13 -- 2025-08-19
Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS 11 -- 2025-03-04
AI Slop Is Polluting Bug Bounty Platforms with Fake Vulnerability Reports 11 -- 2025-05-07
Wget to Wipeout: Malicious Go Modules Fetch Destructive Payload 10 -- 2025-05-01
Contagious Interview Campaign Escalates with 67 Malicious NPM Packages and New 10 -- 2025-07-14
The GitHub Infrastructure Powering North Korea's Contagious Interview NPM Attack 10 -- 2025-11-29
Free Software Foundation Goes to Bat for AGPL in Amicus Brief Criticizing 9 -- 2025-03-06
PyPI Now Supports iOS and Android Wheels for Mobile Python Development 8 -- 2025-02-12
Python Adopts Standard Lock File Format for Reproducible Installs 8 -- 2025-04-01
Rust Support in Socket 8 -- 2025-07-31
New Website "Is It FOSS?" Tracks Transparency in Open Source Distribution 8 -- 2025-08-16
Socket Firewall: Free, Proactive Protection for Your Software Supply 8 -- 2025-09-30
North Korean APT Lazarus Targets Developers with Malicious NPM Package 7 -- 2025-01-30
TC39 advances proposals for RegExp Escaping, Float16Array, Redeclarable vars 7 -- 2025-02-20
.NET Support in Socket 7 -- 2025-04-21
Potemkin Understanding in LLMs: New Study Reveals Flaws in AI Benchmarks 7 -- 2025-07-05
Linux Foundation Warns Open Source Developers: Compliance with Sanctions Is Not 6 -- 2025-02-07
React Team Updates CRA Migration Guidance After Community Pushback 6 -- 2025-02-19
Deno 2.2 Improves Dependency Management and Expands Node.js Compatibility 6 -- 2025-02-20
Obfuscation 101: Unmasking the Tricks Behind Malicious Code 6 -- 2025-03-28
Repository Labels and Security Policies 6 -- 2025-04-22
The Growing Risk of Malicious Browser Extensions 6 -- 2025-06-13
Django Joins Curl in Pushing Back on AI Slop Security Reports 6 -- 2025-06-30
CISA Extends MITRE Contract as Crisis Accelerates Alternative CVE Coordination 5 -- 2025-04-16
CISA Rebuffs Funding Concerns as CVE Foundation Draws Criticism 5 -- 2025-04-24
Using Trusted Protocols Against You: Gmail as a C2 Mechanism 5 -- 2025-04-30
NPM targeted by malware campaign mimicking familiar library names 5 -- 2025-05-02
Opengrep Adds Apex Support and New Rule Controls in Latest Updates 5 -- 2025-08-12
Bun 1.2.19 Adds Isolated Installs for Better Monorepo Support 5 -- 2025-07-22
Gmail for Exfiltration: Malicious NPM Packages Target Solana Private Keys and 4 -- 2025-01-08
Bun 1.2 Released with 90% Node.js Compatibility and Built-In S3 Object Support 4 -- 2025-01-22
Opengrep Emerges as Open Source Alternative Amid Semgrep Licensing Controversy 4 -- 2025-01-28
New PyPI Malware 'Set-Utils' Exfiltrates Ethereum Private Keys Through 4 -- 2025-03-05
Bybit Hack Puts Crypto Losses at $1.6B, Surpassing All of Last Year … 4 -- 2025-03-04
Go Support Is Now Generally Available 4 -- 2025-04-17
Vlt Launches Real-Time Dependency Analysis Powered by Socket 4 -- 2025-04-17
Oxlint Now in Beta with 500 Built-In Rules and 2X Faster JavaScript … 4 -- 2025-03-18
Node.js Homepage Adds Paid Support Link, Prompting Contributor Pushback 4 -- 2025-06-26
ECMAScript 2025 Finalized with Iterator Helpers, Set Methods, RegExp.escape, and 4 -- 2025-06-29
Protestware in JavaScript UI Toolkits on NPM Target Russian Language Sites 4 -- 2025-06-19
Node.js Moves Toward Stable TypeScript Support with Amaro 1.0 4 -- 2025-06-11
Malicious Koishi Chatbot Plugin Exfiltrates Messages Triggered by 8-Character 4 -- 2025-05-19
NPM Author Qix Compromised via Phishing Email 4 -- 2025-09-08
Surveillance Malware Hidden in NPM and PyPI Packages Targets Developers With 4 -- 2025-07-23
Rust Support Now in Beta 4 -- 2025-09-11
Nx Investigation Reveals GitHub Actions Workflow Exploit Led to NPM Token Theft 4 -- 2025-09-03
Rspack Introduces Rslint, a TypeScript-First Linter Written in Go 4 -- 2025-08-20
Oxlint Introduces Type-Aware Linting Preview 4 -- 2025-08-18
Knip Hits 500 Releases with v5.62.0, Improving TypeScript Config Detection and 4 -- 2025-07-18
Malicious NPM Campaign Targets Ethereum Developers with Fake Hardhat Packages 3 -- 2025-01-03
Weaponizing OAST: Malicious Packages Exploit NPM, PyPI, and RubyGems 3 -- 2025-01-04
Fluent Assertions Faces Backlash After Abandoning Open Source Licensing 3 -- 2025-01-20
PyPI's New Archival Feature Closes a Major Security Gap 3 -- 2025-01-30
Node.js EOL Versions CVE Dubbed the Worst CVE of the Year by … 3 -- 2025-01-24
Malicious PyPI Package 'Pycord-Self' Targets Discord Developers with Token Theft 3 -- 2025-01-16
Malicious PyPI Package Exploits Deezer API for Coordinated Music Piracy 3 -- 2025-02-26
Create React App Officially Deprecated Amid React 19 Compatibility Issues 3 -- 2025-02-11
Maven Central Adds Sigstore Signature Validation 3 -- 2025-02-06
Tick Tock, Your Credentials Are Gone: The Maven Package with a Monthly … 3 -- 2025-03-14
The Pair Program Podcast: Feross Aboukhadijeh on Preserving Trust in Open Source 3 -- 2025-03-10
OpenSSF Launches Open Source Project Security Baseline to Strengthen Software 3 -- 2025-02-28
A New Overview in Our Dashboard 3 -- 2025-04-29
Module Reachability: Focus on the Vulnerabilities That Matter 3 -- 2025-04-23
The Bad Seeds: Malicious NPM and PyPI Packages Pose as Developer Tools … 3 -- 2025-04-22
Malicious NPM Package Disguised as Advcash Integration Triggers Reverse Shell 3 -- 2025-04-14
Malicious PyPI Package Targets WooCommerce Stores with Automated Carding Attacks 3 -- 2025-04-03
OpenGrep Restores Fingerprinting in JSON and SARIF Outputs 3 -- 2025-03-31
NVD Concedes Inability to Keep Pace with Surging CVE Disclosures in 2025 3 -- 2025-03-28
GitHub Actions Supply Chain Attack Puts Projects at Risk 3 -- 2025-03-17
Backdooring the IDE: Malicious NPM Packages Hijack Cursor Editor on macOS 3 -- 2025-05-10
Malicious NPM Packages Use Telegram to Exfiltrate BullX Credentials 3 -- 2025-05-08
Malicious 'Checker' Packages on PyPI Probe TikTok and Instagram for Valid 3 -- 2025-05-15
Malicious Python Package Typosquats Popular Passlib Library, Shuts Down Windows 3 -- 2025-06-24
Pnpm 10.12 Introduces Global Virtual Store and Expanded Version Catalogs 3 -- 2025-06-11
Malicious Ruby Gems Exfiltrate Telegram Tokens, Messages Following Vietnam Ban 3 -- 2025-06-03
Malicious NPM Package Wipes Codebases with Remote Trigger 3 -- 2025-05-30
Malicious NPM Packages 3 -- 2025-05-26
Crates.io Implements Trusted Publishing Support 3 -- 2025-07-16
Socket at Black Hat and DEF CON 2025 in Las Vegas 3 -- 2025-07-13
Browserslist-Rs Gets Major Refactor, Cutting Binary Size by over 1MB 3 -- 2025-07-04
Rv Is a New Rust-Powered Ruby Version Manager Inspired by Python's Uv 3 -- 2025-09-05
Nx NPM Packages Compromised in Supply Chain Attack Weaponizing AI CLI Tools 3 -- 2025-08-27
Astral Launches Pyx: A Python-Native Package Registry 3 -- 2025-08-14
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation 3 -- 2025-09-17
Tier 1 Reachability: Precision CVE Triage for Enterprise Teams 3 -- 2025-09-09
Wallet-Draining NPM Package Impersonates Nodemailer to Hijack Crypto 3 -- 2025-08-29
Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials Via 3 -- 2025-08-21
Malicious Ruby Gems Used in Targeted Credential Theft Campaign 3 -- 2025-08-08
TC39 Advances 11 Proposals for Math Precision, Binary APIs, and More 3 -- 2025-08-06
NPM Phishing Email Targets Developers with Typosquatted Domain 3 -- 2025-07-27
Toptal's GitHub Organization Hijacked: 10 Malicious Packages Published 3 -- 2025-07-23
Kill Switch Hidden in NPM Packages Typosquatting Chalk and Chokidar 2 -- 2025-01-13
Pnpm 10.0.0 Blocks Lifecycle Scripts by Default 2 -- 2025-01-10
Socket Now Supports Uv.lock Files 2 -- 2025-01-09
New Python Packaging Proposal Aims to Solve Phantom Dependency Problem With 2 -- 2025-01-07
The Cyber Security Council Podcast: Securing Modern Applications in A 2 -- 2025-01-06
Socket Joins TC54 to Help Shape the Future of SBOMs, CycloneDX, and … 2 -- 2025-01-31
Outgoing Biden Administration Issues Sweeping Executive Order on AI-Driven 2 -- 2025-01-22
UK Officials Consider Banning Ransomware Payments from Public Entities 2 -- 2025-01-16
38% of CISOs Fear They're Not Moving Fast Enough on AI 2 -- 2025-02-04
Socket and Seal Security Collaborate to Fix Critical NPM Overrides Bug 2 -- 2025-03-12
Opengrep Launches Playground in Alpha: A Faster, More Stable Environment For 2 -- 2025-03-07
Michigan TypeScript Founder Successfully Runs Doom Inside TypeScript's Type 2 -- 2025-02-28
Historical Analytics – Now in Beta 2 -- 2025-04-24
Turtles, Clams, and Cyber Threat Actors: Shell Usage 2 -- 2025-04-11
VulnCon 2025: NVD Scraps Industry Consortium Plan, Raising Questions About 2 -- 2025-04-11
A New Design for GitHub PR Comments 2 -- 2025-04-10
Safari 18.4 Ships 3 New JavaScript Features from the TC39 Pipeline 2 -- 2025-04-04
The Socket Team at RSAC and BSidesSF 2025 2 -- 2025-03-27
Node.js TSC Votes to Stop Distributing Corepack 2 -- 2025-03-19
Black Basta's Dependency Confusion Ambitions and Ransomware in Open Source 2 -- 2025-03-19
North Korean Contagious Interview Campaign Drops 35 New Malicious NPM Packages 2 -- 2025-06-25
2025 Blockchain and Cryptocurrency Threat Malware in the Open Source 2 -- 2025-06-12
NIST Under Federal Audit for NVD Processing Backlog and Delays 2 -- 2025-05-27
Node.js TSC Declines to Endorse Feature Bounty Program 2 -- 2025-05-15
The Landscape of Malicious Open Source Packages: 2025 Mid‑Year Threat Report 2 -- 2025-05-14
Tracking Protestware Spread: 28 NPM Packages Affected by Payload Targeting 2 -- 2025-07-16
Malicious NPM Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet 2 -- 2025-09-05
Static vs. Runtime Reachability: Insights from Latio's on the Record Podcast 2 -- 2025-08-13
Precomputed Reachability Analysis in Socket 2 -- 2025-07-30
Socket Now Protects the Chrome Extension Ecosystem 2 -- 2025-07-30
Socket MCP for Claude Desktop 2 -- 2025-07-29
Oracle Drags Its Feet in the JavaScript Trademark Dispute 1 -- 2025-02-07
Python Tools Are Quickly Adopting the New pylock.toml Standard 1 -- 2025-06-24
Open Source Maintainers Feeling the Weight of the EU's Cyber Resilience Act 1 -- 2025-07-17
Feross on Risky Business Weekly Podcast: NPM's Ongoing Supply Chain Attacks 1 -- 2025-09-10