Socket
@SocketSecurity
Socket is the #1 software supply chain security platform. Next-gen SCA + SBOM + 0-day prevention. LOVED BY DEVELOPERS. 👀 @npm_malware
🚀 We’re thrilled to announce Socket’s $40M Series B led by @AbstractVC with participation from @eladgil and @a16z!
🚨 New from Socket Threat Research: 9 malicious #NuGet packages deliver time-delayed destructive payloads, designed to crash apps and sabotage industrial control systems. Read the full analysis → socket.dev/blog/9-malicio… #dotnet
Check out Socket CTO @AhmadNassri at @WorkOS' Enterprise Ready Conf: Ahmad joined a panel discussing how enterprise security is adapting, as AI speeds up both software development and attacks targeting developer machines. socket.dev/blog/how-enter…
🎃
Still installing npm packages like it’s 2020? Not all npm installs are treats. 🎃 On the @changelog podcast, @feross shares practical steps every developer should take to reduce exposure to supply chain attacks on npm. → socket.dev/blog/the-chang… #NodeJS #JavaScript
Ten npm packages, using typosquatting to imitate popular legitimate packages, were found to spread credential-stealing malware hidden under four layers of obfuscation, @SocketSecurity reported. #cybersecurity #infosec #ITsecurity #CISO bit.ly/4qHmJSb
‼️Update: the MIT-linked “AI-powered ransomware” report appears to have been taken offline. We updated our post to include an Internet Archive link to the original paper.
🧯The security community is pushing back against new claims that 80% of #ransomware attacks are AI-driven, a figure from a recent MIT-linked report now drawing widespread criticism. → socket.dev/blog/security-…
Excellent work from the @SocketSecurity team!
🚨 10 fake npm packages (~9.9K installs) hid a cross-platform info stealer. It spawns a fake terminal, pulls a 24 MB payload from 195.133.79[.]43, and drains keyrings — not just browser creds. Instant access to email, cloud, VPNs, and prod DBs. Read details ↓…
The #Ruby ecosystem is entering a new phase of governance for its core package tools. Ruby creator Matz assumes control of RubyGems and Bundler as former maintainers agree to transfer all rights to end the dispute. #rubyonrails socket.dev/blog/ruby-core…
Socket threat researchers found 10 typosquatted npm packages that auto-run via postinstall, display fake CAPTCHAs, fingerprint IPs, and install a cross-platform credential stealer. Together, they’ve been downloaded ~9,900 times. Read the report → socket.dev/blog/10-npm-ty…
Today, we’re launching Socket Firewall Enterprise — built to stop malicious packages before they ever reach your apps or developer systems. A few years ago, high-profile package compromises were rare. But not anymore. In just the past few months, we’ve seen trusted open source…
📈 Who’s keeping up with CVE publishing and who’s gone quiet? CNAPulse is a new open source dashboard that brings publishing transparency to the #CVE ecosystem. It tracks CNA activity in real time, revealing which CNAs are active, declining, or inactive. socket.dev/blog/cna-pulse