Submissions from socket.dev

		Axios Maintainer Confirms Social Engineering Attack Behind NPM Compromise (socket.dev)
		4 points by feross 17 hours ago \| past \| discuss
		The Hidden Blast Radius of the Axios Compromise (socket.dev)
		5 points by feross 1 day ago \| past \| discuss
		Supply Chain Attack on Axios Pulls Malicious Dependency from NPM (socket.dev)
		2 points by dsr12 3 days ago \| past \| discuss
		TeamPCP Is Systematically Targeting Security Tools Across the OSS Ecosystem (socket.dev)
		5 points by pier25 9 days ago \| past \| discuss
		Trivy Supply Chain Attack Expands to Compromised Docker Images (socket.dev)
		5 points by feross 11 days ago \| past \| 3 comments
		Trivy under attack again: Widespread GitHub Actions tag compromise secrets (socket.dev)
		250 points by jicea 12 days ago \| past \| 84 comments
		Trivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes (socket.dev)
		3 points by tamnd 13 days ago \| past \| 1 comment
		CanisterWorm: NPM Publisher Compromise Deploys Backdoor Across 29 Packages (socket.dev)
		3 points by pier25 13 days ago \| past \| discuss
		Widespread Trivvy GitHub Actions Tag Compromise Exposes CI/CD Secrets (socket.dev)
		7 points by donutshop 14 days ago \| past \| 1 comment
		Enisa Technical Advisory on Secure Use of Package Managers (socket.dev)
		6 points by pier25 15 days ago \| past
		Malicious NPM Packages Use Pastebin Steganography to Deploy Credential Stealer (socket.dev)
		2 points by feross 34 days ago \| past
		Malicious Go "Crypto" Module Steals Passwords and Deploys Rekoobe Backdoor (socket.dev)
		3 points by feross 35 days ago \| past
		Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains (socket.dev)
		10 points by jicea 40 days ago \| past
		Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains (socket.dev)
		8 points by feross 41 days ago \| past
		Socket brings supply chain security to skills.sh (socket.dev)
		2 points by ryoidong 43 days ago \| past
		AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach (socket.dev)
		3 points by puppion 45 days ago \| past
		AI Agent Lands PRs in Major OSS Projects (socket.dev)
		1 point by bradyholt 46 days ago \| past
		AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach (socket.dev)
		2 points by choult 47 days ago \| past
		AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach (socket.dev)
		16 points by cdrnsf 48 days ago \| past \| 1 comment
		AI Agent Lands PRs in Major OSS Projects (socket.dev)
		2 points by junon 48 days ago \| past
		Lodash's Security Reset and Maintenance Reboot (socket.dev)
		5 points by todsacerdoti 60 days ago \| past
		GlassWorm Loader Hits Open VSX via Developer Account Compromise (socket.dev)
		3 points by feross 61 days ago \| past
		Temporal API Ships in Chrome 144, Marking a Shift for JavaScript Date Handling (socket.dev)
		1 point by thunderbong 76 days ago \| past
		Temporal API Ships in Chrome 144, Marking a Major Shift for JavaScript Date (socket.dev)
		3 points by feross 77 days ago \| past \| 1 comment
		Malicious Chrome Extension Steals MEXC API Keys for Account Takeover (socket.dev)
		7 points by feross 80 days ago \| past
		Tailwind CSS Announces 75% Layoffs as LLMs Reshape OSS Business Models (socket.dev)
		3 points by feross 85 days ago \| past \| 1 comment
		NPM to implement staged publishing after turbulent shift off classic tokens (socket.dev)
		205 points by feross 86 days ago \| past \| 125 comments
		Malicious Chrome Extensions "Phantom Shuttle" Masquerade as a VPN to Intercept (socket.dev)
		1 point by feross 3 months ago \| past
		The Supply Chain Nightmare Before Deployment (socket.dev)
		2 points by feross 3 months ago \| past \| 1 comment
		Malicious NuGet Package Typosquats Popular .NET Tracing Library to Steal Wallet (socket.dev)
		3 points by feross 3 months ago \| past
		More