Socket
@SocketSecurity
Socket is the #1 software supply chain security platform. Next-gen SCA + SBOM + 0-day prevention. LOVED BY DEVELOPERS. 👀 @npm_malware
🚀 We’re thrilled to announce Socket’s $40M Series B led by @AbstractVC with participation from @eladgil and @a16z!
this is a nice research from Socket! threats are everywhere, you are hit basically from every angle! i’ve been working relentlessly this past year to try to help projects be safe not only by doing code reviews but improving their opsec in general… a good security posture does…
New research from Socket: We uncover how North Korean hackers are using npm, GitHub, and Vercel together to spread OtterCookie malware, adding 197 malicious npm packages. socket.dev/blog/north-kor… #JavaScript #malware
We're now at over 800 malicious packages in this attack campaign. Stay vigilant! This isn't over yet.
⚠️ Update on the Shai Hulud v2 campaign: We’ve confirmed 834 malicious packages and now see spillover into Maven Central. The package org.mvnpm:posthog-node:4.18.1 contains the same Bun-based payload used in the npm compromise. Updated analysis → socket.dev/blog/shai-hulu… #Java
🚨 Socket researchers uncovered a malicious Chrome extension that injects hidden #SOL transfers into Raydium swaps, quietly siphoning fees to an attacker wallet. Full analysis → socket.dev/blog/malicious… #Solana
🔥 New npm attack DETECTED! A campaign dubbed “Sha1-Hulud: The Second Coming” has compromised hundreds of packages and over 25,000 GitHub repos. The code runs during install, steals cloud logins, and if that fails, it deletes the user’s home folder. Read more ↓…
🤯 The number of affected packages is now 770. We'll keep updating the blog post as our investigation continues.
🚨 A new wave of the Shai-Hulud supply chain attack has hit npm, impacting packages across widely used projects from AsyncAPI, ENS, Postman, PostHog, and Zapier. Attackers added a malicious preinstall script following account compromise. socket.dev/blog/shai-hulu…
Socket did put the full comprehensive analysis and list of all affected packages
We have updated this list to include more than 500 packages and 700+ affected versions, as well as a technical analysis of the attack. socket.dev/blog/shai-hulu… cc: @Cooperpress @TheHackersNews @BleepinComputer @TheRegister @SecurityWeek
Here we go again… This post includes more than 500 unique packages and a total of more than 700 affected versions.
Huge shoutout to the team for shipping five major releases in one week. The pace, the polish, and the ambition are unreal. Customers can feel the momentum and we’re just getting started.
RT @feross: Webhooks for Alert Changes just dropped. No more refreshing dashboards. Socket now pushes every new, updated, or cleared alert straight into your workflow in real time. Perfect way to wrap Launch Week: Ruby reachability, Certified Patches, Bun/vlt, OpenVSX… and now…
We updated this post to include more than 500 unique packages and a total of more than 700 affected versions.
🇪🇺 Big move for EU security: @enisa_eu has become a CVE Program Root, expanding its role in coordinated vulnerability disclosure across Europe. socket.dev/blog/enisa-bec…
So excited that Socket is expanding beyond appsec to protect IDE extensions, Chrome extensions, AI models, and more. x.com/feross/status/…
🚀 Launch Week Day 4: Socket now scans OpenVSX extensions! Your IDE extensions have root access to everything: your code, credentials, production secrets. Attackers know you install them without a second thought.