Hacker News new | past | comments | ask | show | jobs | submit | from login

NPM targeted by malware campaign mimicking familiar library names (socket.dev) 4 points by feross 16 hours ago | past | discuss Wget to Wipeout: Malicious Go Modules Fetch Destructive Payload (socket.dev) 5 points by feross 1 day ago | past | discuss Using Trusted Protocols Against You: Gmail as a C2 Mechanism (socket.dev) 5 points by feross 2 days ago | past | discuss A New Overview in Our Dashboard (socket.dev) 3 points by feross 3 days ago | past | discuss CISA Rebuffs Funding Concerns as CVE Foundation Draws Criticism (socket.dev) 5 points by feross 8 days ago | past | 2 comments Historical Analytics – Now in Beta (socket.dev) 2 points by feross 8 days ago | past | discuss Malicious NPM and PyPI Packages Pose as Dev Tools to Steal Wallet Credentials (socket.dev) 1 point by bundie 9 days ago | past | discuss Module Reachability: Focus on the Vulnerabilities That Matter (socket.dev) 3 points by feross 10 days ago | past | discuss Repository Labels and Security Policies (socket.dev) 6 points by feross 10 days ago | past | discuss The Bad Seeds: Malicious NPM and PyPI Packages Pose as Developer Tools to Steal (socket.dev) 3 points by feross 11 days ago | past | discuss .NET Support in Socket (socket.dev) 7 points by feross 11 days ago | past | 2 comments Go Support Is Now Generally Available (socket.dev) 4 points by feross 15 days ago | past Vlt Launches Real-Time Dependency Analysis Powered by Socket (socket.dev) 4 points by feross 15 days ago | past CISA Extends Mitre Contract as Crisis Accelerates Alternative CVE Coordination (socket.dev) 5 points by feross 16 days ago | past | 1 comment Malicious NPM Package Disguised as Advcash Integration Triggers Reverse Shell (socket.dev) 3 points by feross 18 days ago | past AI Hallucinations Are Fueling a New Class of Supply Chain Attacks (socket.dev) 31 points by sksxihve 20 days ago | past | 6 comments Slopsquatting: AI Hallucinations Fuel New Class of Supply Chain Attacks (socket.dev) 12 points by adriand 21 days ago | past | 2 comments Turtles, Clams, and Cyber Threat Actors: Shell Usage (socket.dev) 2 points by feross 21 days ago | past VulnCon 2025: NVD Scraps Industry Consortium Plan, Raising Questions About (socket.dev) 2 points by feross 21 days ago | past A New Design for GitHub PR Comments (socket.dev) 2 points by feross 22 days ago | past The Rise of Slopsquatting (socket.dev) 11 points by andrewnez 22 days ago | past | 4 comments Safari 18.4 Ships 3 New JavaScript Features from the TC39 Pipeline (socket.dev) 2 points by feross 29 days ago | past Malicious PyPI Package Targets WooCommerce Stores with Automated Carding Attacks (socket.dev) 3 points by feross 30 days ago | past Python Adopts Standard Lock File Format for Reproducible Installs (socket.dev) 8 points by feross 31 days ago | past OpenGrep Restores Fingerprinting in JSON and Sarif Outputs (socket.dev) 3 points by feross 32 days ago | past NVD Concedes Inability to Keep Pace with Surging CVE Disclosures in 2025 (socket.dev) 3 points by feross 35 days ago | past Obfuscation 101: Unmasking the Tricks Behind Malicious Code (socket.dev) 6 points by feross 36 days ago | past The Socket Team at RSAC and BSidesSF 2025 (socket.dev) 2 points by feross 36 days ago | past Node.js TSC Votes to Stop Distributing Corepack (socket.dev) 2 points by feross 44 days ago | past Black Basta's Dependency Confusion Ambitions and Ransomware in Open Source (socket.dev) 2 points by feross 44 days ago | past More

Join us for AI Startup School this June 16-17 in San Francisco! Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact Search: