Socket Hacker News - Plushcap

Filters

Min points: 1 10 25 50 100 250 500

Year:

Posts by Month (17 total)

Hacker News Posts

Search:

Title	Points	Comments	Date
Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised	1,231	--	2025-09-16
Active NPM supply chain attack: Tinycolor and 40 Packages Compromised	85	--	2025-09-15
Prettier NPM Packages Compromised in Supply Chain Attack	45	--	2025-07-19
Curl Project and Go Security Teams Reject CVSS as Broken	40	--	2025-01-24
AI Hallucinations Are Fueling a New Class of Supply Chain Attacks	31	--	2025-04-12
Gem.Coop – Community-Run Alternative to Rubygems.org, Led by Former Maintainers	30	--	2025-10-06
Libxml2 Maintainer Ends Embargoed Vulnerability Reports, Citing Unsustainable	27	--	2025-06-18
DuckDB NPM Account Compromised in Continuing Supply Chain Attack	27	--	2025-09-09
Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching For	17	--	2025-02-04
Open Source Maintainers Demand Ability to Block Copilot-Generated Issues and PRs	14	--	2025-05-20
NPM 'Is' Package Hijacked in Expanding Supply Chain Attack	14	--	2025-07-22
Researcher Exposes 0-Day Clickjacking Vulnerabilities in Major Password Managers	13	--	2025-08-19
Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS	11	--	2025-03-04
AI Slop Is Polluting Bug Bounty Platforms with Fake Vulnerability Reports	11	--	2025-05-07
Wget to Wipeout: Malicious Go Modules Fetch Destructive Payload	10	--	2025-05-01
Contagious Interview Campaign Escalates with 67 Malicious NPM Packages and New	10	--	2025-07-14
The GitHub Infrastructure Powering North Korea's Contagious Interview NPM Attack	10	--	2025-11-29

Plushcap, by Matt Makai. 2021-2026.