
Socket
@SocketSecurity
Socket is the #1 software supply chain security platform. Next-gen SCA + SBOM + 0-day prevention. LOVED BY DEVELOPERS. 👀 @npm_malware
🚀 We’re thrilled to announce Socket’s $40M Series B led by @AbstractVC with participation from @eladgil and @a16z!

@socketsecurity/bun-security-scanner + @bunjavascript is the best pair!!! x.com/SocketSecurity…
🚀 Socket now integrates with Bun 1.3’s new Security Scanner API! @bunjavascript users can now protect their projects from malicious packages, typosquatting, & other supply chain attacks. Great to see Bun moving fast to protect devs with this new API! socket.dev/blog/socket-in…
"North Korea’s Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads" published by @SocketSecurity. #ContagiousInterview, #NPM, #DPRK, #CTI socket.dev/blog/north-kor…
Socket researchers uncovered a pattern of threat actors using #Discord webhooks for command & control (C2) across npm, PyPI, and RubyGems.org, exfiltrating sensitive data without needing their own infrastructure. Read the full analysis: socket.dev/blog/weaponizi…

North Korea’s “Contagious Interview” campaign continues to weaponize npm: 338 malicious packages, 50K+ downloads. Leveraging typosquats, loader tweaks, and new aliases, it targets #crypto devs and job seekers via recruiter lures. Full Report → socket.dev/blog/north-kor… #NodeJS
3/ Key items for security teams. Do these now:
- Force password resets for exposed accounts (prioritize Office365).
- Turn on MFA everywhere.
- Block/quarantine HTML attachments in email gateways.
- Monitor unpkg requests matching redirect-*/beamglea.js and the 7 C2 domains.…
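One way to implement the unpkg monitoring item from the post above, as an added example that is not Socket's code: it scans constructed proxy log lines for unpkg.com requests whose package path matches redirect-*/beamglea.js. The C2 domain set is a placeholder, since the seven domains are not listed in the post.

```python
import re
from typing import Optional
from urllib.parse import urlsplit

# unpkg serves package files at https://unpkg.com/<name>[@<version>]/<path>.
# Flag packages named "redirect-..." that serve a beamglea.js file anywhere in the tree.
BEAMGLEA_PATH = re.compile(
    r"^/(?P<pkg>redirect-[A-Za-z0-9._-]+)(?:@[^/]+)?/(?:.*/)?beamglea\.js$"
)

# Placeholder only: the post refers to seven C2 domains but does not list them.
C2_DOMAINS = {"c2-domain-placeholder.example"}

# Squid-style access log: "<ts> <elapsed> <client> <code> <bytes> <method> <url> ..."
LOG_RE = re.compile(
    r"^\S+\s+\S+\s+(?P<client>\S+)\s+\S+\s+\S+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)

def check_request(url: str) -> Optional[dict]:
    """Return a finding for one request URL, or None if it matches nothing."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host == "unpkg.com":
        m = BEAMGLEA_PATH.match(parts.path)  # query string is ignored on purpose
        if m:
            return {"rule": "beamglea-unpkg-payload", "host": host, "package": m.group("pkg")}
    if host in C2_DOMAINS:
        return {"rule": "beamglea-c2-domain", "host": host, "package": None}
    return None

def scan_log(lines):
    """Parse each log line and collect findings, tagged with the requesting client."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the scan
        f = check_request(m.group("url"))
        if f:
            f["client"] = m.group("client")
            findings.append(f)
    return findings

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "1728000001.123 45 10.0.0.5 TCP_MISS/200 1200 GET https://unpkg.com/react@18.3.1/umd/react.production.min.js - HIER_DIRECT/1.1.1.1 application/javascript",
    "1728000002.456 30 10.0.0.7 TCP_MISS/200 2048 GET https://unpkg.com/redirect-abc123@1.0.0/beamglea.js - HIER_DIRECT/1.1.1.1 application/javascript",
    "1728000003.789 12 10.0.0.9 TCP_MISS/302 512 GET https://c2-domain-placeholder.example/login?email=user%40example.com - HIER_DIRECT/2.2.2.2 text/html",
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```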
AppSec is not just protecting your product/business, it's about protecting everyone! These packages do nothing malicious to developers/products they infect. Instead, they are targeting web visitors of the infected apps, with the ultimate goal of mass credential harvesting.
Supply chain attacks are evolving and so should your security practices. Case in point: Beamglea, a campaign that turns npm 💔 into a phishing-as-a-service platform. This isn't your typical supply chain attack. It's infrastructure weaponization. socket.dev/blog/175-malic…
Did you know some actively exploited CVEs were missing from Google’s OSV feed because the vendor disputed them? That’s now fixed and 500+ advisories restored.
⚠️ Google’s OSV just added 500+ new advisories, not from new vulns, but from fixing a long-standing policy that made disputed CVEs invisible. Learn more → socket.dev/blog/google-os…
2/ How it works: threat actors publish "redirect-xxxxxx" packages with JS files that redirect victims (with pre-filled emails) to credential-harvesters. Packages don’t run on npm install. They’re just using unpkg as free, trusted hosting for the attack payload. Sneaky. 😬
1/ 🚨 We just found a massive abuse of the npm ecosystem:
- Targeting 135+ orgs worldwide 🤯
- 175 malicious npm packages (26k+ downloads)
- 630+ HTML lures
- Weaponized unpkg as free CDN hosting for credential-phishing attacks 👀
More details ⬇️⬇️⬇️
🚨 175 malicious npm packages (26k+ downloads) abused npm and unpkg to host credential-phishing infrastructure targeting 135+ organizations in industrial, tech, and energy sectors. Full analysis: socket.dev/blog/175-malic… #NodeJS
github.com/azu/ni.zsh/rel… ni.zsh v1.8.0 integrates @SocketSecurity Firewall
🎙️ This discussion is live right now with @feross, @matteocollina and @lucamaraschi! Tune in:
Speaker lineup:
- Ahmad Nassri (@AhmadNassri), CTO | @SocketSecurity
- Albert Strasheim (@fullung), CTO | @Rippling
- Allan Leinwand (@leinwand), CTO | @webflow
- Dustin Schau (@SchauDustin), Head of API Client | @getpostman
- Evan Johnson (@ejcx_), CEO & Co-founder |…
#Python 3.14 just dropped: the “π release.” 🥧 It adds template string literals, deferred annotations, and subinterpreters, plus ongoing work on the free-threaded build and an experimental JIT. Congrats to all the contributors on this release! 🎉 socket.dev/blog/python-3-…

Bun v1.3 releases tomorrow at 8am BST (Bun Standard Time)
