Hacker News: feross

Axios Maintainer Confirms Social Engineering Attack Behind NPM Compromise

feross — Fri, 03 Apr 2026 02:08:34 +0000

Article URL: https://socket.dev/blog/axios-maintainer-confirms-social-engineering-behind-npm-compromise

Comments URL: https://news.ycombinator.com/item?id=47622506

Points: 5

# Comments: 0

The Hidden Blast Radius of the Axios Compromise

feross — Wed, 01 Apr 2026 21:53:00 +0000

Article URL: https://socket.dev/blog/hidden-blast-radius-of-the-axios-compromise

Comments URL: https://news.ycombinator.com/item?id=47606999

Points: 6

# Comments: 0

Trivy Supply Chain Attack Expands to Compromised Docker Images

feross — Mon, 23 Mar 2026 03:02:45 +0000

Article URL: https://socket.dev/blog/trivy-docker-images-compromised

Comments URL: https://news.ycombinator.com/item?id=47485065

Points: 5

# Comments: 3

New comment by feross in "Trivy ecosystem supply chain temporarily compromised"

feross — Sun, 22 Mar 2026 14:54:31 +0000

Lots more technical research about the actual attack and how it worked here: https://socket.dev/blog/trivy-under-attack-again-github-acti...

Disclosure: I’m the founder of Socket.

Malicious NPM Packages Use Pastebin Steganography to Deploy Credential Stealer

feross — Fri, 27 Feb 2026 21:00:10 +0000

Article URL: https://socket.dev/blog/stegabin-26-malicious-npm-packages-use-pastebin-steganography

Comments URL: https://news.ycombinator.com/item?id=47185535

Points: 2

# Comments: 0

Malicious Go "Crypto" Module Steals Passwords and Deploys Rekoobe Backdoor

feross — Thu, 26 Feb 2026 23:42:35 +0000

Article URL: https://socket.dev/blog/malicious-go-crypto-module-steals-passwords-and-deploys-rekoobe-backdoor

Comments URL: https://news.ycombinator.com/item?id=47173960

Points: 3

# Comments: 0

Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains

feross — Fri, 20 Feb 2026 20:22:35 +0000

Article URL: https://socket.dev/blog/sandworm-mode-npm-worm-ai-toolchain-poisoning

Comments URL: https://news.ycombinator.com/item?id=47093380

Points: 8

# Comments: 0

First Brands Did Some Round Trips

feross — Sun, 01 Feb 2026 21:05:17 +0000

Article URL: https://www.bloomberg.com/opinion/newsletters/2026-01-29/first-brands-did-some-round-trips

Comments URL: https://news.ycombinator.com/item?id=46849357

Points: 1

# Comments: 0

15 Years of Blogging

feross — Sun, 01 Feb 2026 20:50:38 +0000

Article URL: https://nolanlawson.com/2026/02/01/15-years-of-blogging/

Comments URL: https://news.ycombinator.com/item?id=46849246

Points: 2

# Comments: 1

When will CSS Grid Lanes arrive?

feross — Sat, 31 Jan 2026 23:02:45 +0000

Article URL: https://webkit.org/blog/17758/when-will-css-grid-lanes-arrive-how-long-until-we-can-use-it/

Comments URL: https://news.ycombinator.com/item?id=46841794

Points: 50

# Comments: 27

2026.05: The Chip Fly in the AI Ointment

feross — Sat, 31 Jan 2026 22:47:06 +0000

Article URL: https://stratechery.com/2026/the-chip-fly-in-the-ai-ointment/

Comments URL: https://news.ycombinator.com/item?id=46841681

Points: 1

# Comments: 0

Put a Pin in It

feross — Sat, 31 Jan 2026 22:17:47 +0000

Article URL: https://signal.org/blog/pinned-messages/

Comments URL: https://news.ycombinator.com/item?id=46841458

Points: 1

# Comments: 0

Building a browser API in one shot

feross — Sat, 31 Jan 2026 22:02:23 +0000

Article URL: https://nolanlawson.com/2026/01/31/building-a-browser-api-in-one-shot/

Comments URL: https://news.ycombinator.com/item?id=46841347

Points: 3

# Comments: 0

Kimwolf Botnet Lurking in Corporate, Govt. Networks

feross — Sat, 31 Jan 2026 21:47:04 +0000

Article URL: https://krebsonsecurity.com/2026/01/kimwolf-botnet-lurking-in-corporate-govt-networks/

Comments URL: https://news.ycombinator.com/item?id=46841219

Points: 19

# Comments: 0

Michael Ovitz: The Business of Relationships

feross — Sat, 31 Jan 2026 21:32:27 +0000

Article URL: https://fs.blog/knowledge-project-podcast/michael-ovitz/

Comments URL: https://news.ycombinator.com/item?id=46841074

Points: 1

# Comments: 0

Best of Moltbook

feross — Sat, 31 Jan 2026 21:16:46 +0000

Article URL: https://www.astralcodexten.com/p/best-of-moltbook

Comments URL: https://news.ycombinator.com/item?id=46840938

Points: 92

# Comments: 37

GlassWorm Loader Hits Open VSX via Developer Account Compromise

feross — Sat, 31 Jan 2026 21:01:50 +0000

Article URL: https://socket.dev/blog/glassworm-loader-hits-open-vsx-via-suspected-developer-account-compromise

Comments URL: https://news.ycombinator.com/item?id=46840808

Points: 3

# Comments: 0

Ads in ChatGPT, Why OpenAI Needs Ads, the Long Road to Instagram

feross — Tue, 20 Jan 2026 20:18:15 +0000

Article URL: https://stratechery.com/2026/ads-in-chatgpt-why-openai-needs-ads-the-long-road-to-instagram/

Hacker News: feross

Axios Maintainer Confirms Social Engineering Attack Behind NPM Compromise

The Hidden Blast Radius of the Axios Compromise

Trivy Supply Chain Attack Expands to Compromised Docker Images

New comment by feross in "Trivy ecosystem supply chain temporarily compromised"

Malicious NPM Packages Use Pastebin Steganography to Deploy Credential Stealer

Malicious Go "Crypto" Module Steals Passwords and Deploys Rekoobe Backdoor

Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains

First Brands Did Some Round Trips

15 Years of Blogging

When will CSS Grid Lanes arrive?

2026.05: The Chip Fly in the AI Ointment

Put a Pin in It

Building a browser API in one shot

Kimwolf Botnet Lurking in Corporate, Govt. Networks

Michael Ovitz: The Business of Relationships

Best of Moltbook

GlassWorm Loader Hits Open VSX via Developer Account Compromise

Ads in ChatGPT, Why OpenAI Needs Ads, the Long Road to Instagram

Turbopack: Building faster by building less

2026.03: Technology Doings