Submissions from socket.dev

		Axios Supply Chain Attack Reaches OpenAI macOS Signing Pipeline (socket.dev)
		3 points by salkahfi 1 day ago \| past \| 1 comment
		North Korea's Contagious Interview Campaign Spreads Across 5 Ecosystems (socket.dev)
		2 points by pier25 4 days ago \| past \| discuss
		Attackers Are Hunting High-Impact Node.js Maintainers with Social Engineering (socket.dev)
		3 points by pier25 8 days ago \| past \| 2 comments
		Axios Maintainer Confirms Social Engineering Attack Behind NPM Compromise (socket.dev)
		5 points by feross 9 days ago \| past \| discuss
		The Hidden Blast Radius of the Axios Compromise (socket.dev)
		6 points by feross 10 days ago \| past \| discuss
		Supply Chain Attack on Axios Pulls Malicious Dependency from NPM (socket.dev)
		2 points by dsr12 12 days ago \| past \| discuss
		TeamPCP Is Systematically Targeting Security Tools Across the OSS Ecosystem (socket.dev)
		5 points by pier25 18 days ago \| past
		Trivy Supply Chain Attack Expands to Compromised Docker Images (socket.dev)
		5 points by feross 20 days ago \| past \| 3 comments
		Trivy under attack again: Widespread GitHub Actions tag compromise secrets (socket.dev)
		250 points by jicea 21 days ago \| past \| 83 comments
		Trivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes (socket.dev)
		3 points by tamnd 22 days ago \| past \| 1 comment
		CanisterWorm: NPM Publisher Compromise Deploys Backdoor Across 29 Packages (socket.dev)
		3 points by pier25 22 days ago \| past
		Widespread Trivvy GitHub Actions Tag Compromise Exposes CI/CD Secrets (socket.dev)
		7 points by donutshop 23 days ago \| past \| 1 comment
		Enisa Technical Advisory on Secure Use of Package Managers (socket.dev)
		6 points by pier25 23 days ago \| past
		Malicious NPM Packages Use Pastebin Steganography to Deploy Credential Stealer (socket.dev)
		2 points by feross 43 days ago \| past
		Malicious Go "Crypto" Module Steals Passwords and Deploys Rekoobe Backdoor (socket.dev)
		3 points by feross 44 days ago \| past
		Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains (socket.dev)
		10 points by jicea 49 days ago \| past
		Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains (socket.dev)
		8 points by feross 50 days ago \| past
		Socket brings supply chain security to skills.sh (socket.dev)
		2 points by ryoidong 52 days ago \| past
		AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach (socket.dev)
		3 points by puppion 54 days ago \| past
		AI Agent Lands PRs in Major OSS Projects (socket.dev)
		1 point by bradyholt 54 days ago \| past
		AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach (socket.dev)
		2 points by choult 56 days ago \| past
		AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach (socket.dev)
		16 points by cdrnsf 57 days ago \| past \| 1 comment
		AI Agent Lands PRs in Major OSS Projects (socket.dev)
		2 points by junon 57 days ago \| past
		Lodash's Security Reset and Maintenance Reboot (socket.dev)
		5 points by todsacerdoti 69 days ago \| past
		GlassWorm Loader Hits Open VSX via Developer Account Compromise (socket.dev)
		3 points by feross 70 days ago \| past
		Temporal API Ships in Chrome 144, Marking a Shift for JavaScript Date Handling (socket.dev)
		1 point by thunderbong 85 days ago \| past
		Temporal API Ships in Chrome 144, Marking a Major Shift for JavaScript Date (socket.dev)
		3 points by feross 86 days ago \| past \| 1 comment
		Malicious Chrome Extension Steals MEXC API Keys for Account Takeover (socket.dev)
		7 points by feross 89 days ago \| past
		Tailwind CSS Announces 75% Layoffs as LLMs Reshape OSS Business Models (socket.dev)
		3 points by feross 3 months ago \| past \| 1 comment
		NPM to implement staged publishing after turbulent shift off classic tokens (socket.dev)
		205 points by feross 3 months ago \| past \| 125 comments
		More