Socket
@SocketSecurity
Socket is the #1 software supply chain security platform. Next-gen SCA + SBOM + 0-day prevention. LOVED BY DEVELOPERS. 👀 @npm_malware
🚀 We’re thrilled to announce Socket’s $40M Series B led by @AbstractVC with participation from @eladgil and @a16z!
#TypeScript 6.0 will be the last JS-based major release. TypeScript 7’s native toolchain (Corsa) is already testable, with benchmarks showing ~7.5–10x faster full builds. socket.dev/blog/typescrip… #JavaScript
🚨 React disclosed a critical (CVSS 10.0) RCE in React Server Components. If you use RSC (often via frameworks like Next.js), upgrade react-server-dom-* to patched versions ASAP. Details → socket.dev/blog/critical-…
socket.dev
Critical Security Vulnerability in React Server Components -...
React disclosed a CVSS 10.0 RCE in React Server Components and is advising users to upgrade affected packages and frameworks to patched versions now.
🙄 The holiday themed npm spam has arrived: 420+ auto-generated elf-stats-* packages claiming to be published every 2 min. This is just registry abuse, and it’s a waste of everyone’s time. Nobody is going to accidentally install these but they're still unsafe to run. #NodeJS
Seasonal nuisance on npm this morning: 420+ auto-generated elf-stats-* packages, many claiming “generated every two minutes,” published from new throwaway accounts. Payloads are simple but unsafe (exfil / preinstall scripts). npm is already removing packages and we’re monitoring…
I started using sfw by @SocketSecurity to secure npm installs. Very simple to enable, I highly recommend. socket.dev/blog/introduci…
socket.dev
Introducing Socket Firewall: Free, Proactive Protection for ...
Socket Firewall is a free tool that blocks malicious packages at install time, giving developers proactive protection against rising supply chain atta...
🚨 New Socket Threat Research: We found a malicious Rust crate disguised as an EVM version helper that downloads & silently executes OS-specific payloads, likely for crypto theft. The crate was live for 8 months & was swiftly removed after we reported it. socket.dev/blog/malicious…
🚨 North Korea is literally hiring developers through fake job interviews to steal their crypto wallets I just went through @SocketSecurity's latest research and this is genuinely insane. 197 malicious npm packages since October, 31k+ downloads, all targeting Web3 devs through…
A reality for anyone scaling a team: "What got you from zero to one is not what's going to get you from one to 10. So you have to constantly evolve the way you run your business." - @feross on the Vlad Kachur Show 🧨 Full interview: socket.dev/blog/scaling-s… #appsec #infosec
Congrats to the @bunjavascript team and @AnthropicAI on this big move! Good news for sustainability: same team, still MIT-licensed and built in public. 🎉
📌 Really enjoyed this interview @feross did with Vlad Kachur. If you’re scaling a startup or navigating the challenges of building in a crowded market, there’s a lot of practical insight here, especially for technical founders.
🎙️ Why great products don't always win: Socket CEO @feross breaks down a hard truth for technical founders in this conversation with Vlad Kachur on scaling a security company. Check out the full interview → socket.dev/blog/scaling-s… #appsec #infosec
The Socket Threat Research Team continues to track North Korea’s Contagious Interview operation as it systematically infiltrates the npm ecosystem. socket.dev/blog/north-kor… @SocketSecurity
Really interesting and detailed report by @SocketSecurity great work. cc: @aptwhatnow @meow_mfer @browsercookies @Narcass3 @SttyK
New research from Socket: We uncover how North Korean hackers are using npm, GitHub, and Vercel together to spread OtterCookie malware, adding 197 malicious npm packages. socket.dev/blog/north-kor… #JavaScript #malware
📖 CloudSecList Issue 316 is live, with content from @praetorianlabs @SocketSecurity @specterops @InvictusIR @watchtowrcyber and more! cloudseclist.com/issues/issue-3…
💪
🚨 North Korean hackers uploaded 197 malicious npm packages (31K+ downloads). They drop a new OtterCookie variant that steals passwords, crypto data, and screenshots — all from a fake job interview setup. Details here ↓ thehackernews.com/2025/11/north-…
👀
🫤 The security of these npm packages has really started to become a problem.