Socket
@socket.dev
Socket is the #1 software supply chain security platform. Next-gen SCA + SBOM + 0-day prevention. LOVED BY DEVELOPERS.

https://socket.dev
Reposted by Socket
Recently went on @changelog.com to talk about the wild surge of npm supply chain attacks… and what developers can actually do to stay safe 🔥

We broke down the real, practical steps every team should take:

• Lockfiles matter more than people think
• Delay new package versions to dodge fresh malware
Feross on the most serious supply chain attacks in npm history (and what we can do about it)
YouTube video by Changelog
www.youtube.com
November 12, 2025 at 7:04 PM
Reposted by Socket
New research from @socket.dev: a malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions. Wild on-chain exfiltration technique. Still live on the Chrome Web Store.

cc: @campuscodi.risky.biz
🚨 Socket’s Threat Research Team uncovered a malicious Chrome extension posing as an #Ethereum wallet. It steals seed phrases by encoding them into #Sui transactions and leaks them on-chain - no C2 needed.

socket.dev/blog/malicio... #crypto
Malicious Chrome Extension Exfiltrates Seed Phrases, Enablin...
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
socket.dev
November 13, 2025 at 2:55 AM
Reposted by Socket
We are rolling out @socket.dev on @expressjs.bsky.social because *it is a well thought out analysis* of real risk. So rather than looking at a signal the experts don't think is a worthy signal, feels to me like we are all better off just using the Socket GH app.
Socket - Secure your dependencies. Ship with confidence.
Socket fights vulnerabilities and provides visibility, defense-in-depth, and proactive supply chain protection for JavaScript, Python, and Go dependencies.
Socket.dev
November 11, 2025 at 11:36 PM
🇬🇧 Socket is heading to London for Black Hat Europe and BSides London!

We’re looking forward to connecting with the security community and sharing what we’ve been working on.

If you’ll be there, stop by our booth or schedule time to chat. →
socket.dev/blog/meet-so...
Meet Socket at Black Hat Europe and BSides London 2025 - Soc...
Socket is heading to London! Stop by our booth or schedule a meeting to see what we've been working on.
socket.dev
November 11, 2025 at 8:49 PM
Reposted by Socket
🐝 It’s official: OWASP’s 2025 Top 10 now includes Software Supply Chain Failures.

Half of survey respondents ranked it their top concern, a long overdue recognition in a year marked by high-impact supply chain attacks.

socket.dev/blog/owasp-2... #owasp #appsec #cybersecurity
OWASP 2025 Top 10 Adds Software Supply Chain Failures, Ranke...
OWASP’s 2025 Top 10 introduces Software Supply Chain Failures as a new category, reflecting rising concern over dependency and build system risks.
socket.dev
November 9, 2025 at 5:57 PM
Reposted by Socket
This is wild. 99% of the code is legit, with just 20 malicious lines buried in thousands of lines of working code.

cc: @campuscodi.risky.biz
🚨 New from Socket Threat Research: 9 malicious #NuGet packages deliver time-delayed destructive payloads, designed to crash apps and sabotage industrial control systems.

Read the full analysis → socket.dev/blog/9-malic... #dotnet
9 Malicious NuGet Packages Deliver Time-Delayed Destructive ...
Socket researchers discovered nine malicious NuGet packages that use time-delayed payloads to crash applications and corrupt industrial control system...
socket.dev
November 6, 2025 at 9:41 PM
Reposted by Socket
Excited to announce I've joined @socket.dev as an Open Source Architect :-)
November 4, 2025 at 6:26 PM
“With Socket we can get ahead of threats and prevent malicious packages from being pulled down at all. That’s a huge gap we can close and sleep better at night.”

– Lawrence Elitzer, Director of Security, @jumpcloud.bsky.social
November 6, 2025 at 2:11 PM
Check out Socket CTO @ahmadnassri.com at @workos.bsky.social's Enterprise Ready Conf: Ahmad joined a panel discussing how enterprise security is adapting, as AI speeds up both software development and attacks targeting developer machines. socket.dev/blog/how-ent...
How Enterprise Security Is Adapting to AI-Accelerated Threat...
Socket CTO Ahmad Nassri discusses why supply chain attacks now target developer machines and what AI means for the future of enterprise security.
socket.dev
November 5, 2025 at 6:48 PM
‼️ Update: the MIT-linked “AI-powered ransomware” report appears to have been taken offline. We updated our article to include an Internet Archive link to the original paper.
November 1, 2025 at 4:00 AM
Still installing npm packages like it’s 2020? Not all npm installs are treats. 🎃

On the @changelog.com podcast, @feross.bsky.social shares practical steps every developer should take to reduce exposure to supply chain attacks on npm. →

socket.dev/blog/the-cha... #NodeJS #JavaScript
The Changelog Podcast: Practical Steps to Stay Safe on npm -...
Learn the essential steps every developer should take to stay secure on npm and reduce exposure to supply chain attacks.
socket.dev
October 31, 2025 at 6:46 PM
Reposted by Socket
This is really well written, if you want to scare your CISO, send them this for Halloween. 🎃
🧯 The security community is pushing back against new claims that 80% of #ransomware attacks are AI-driven, a figure from a recent MIT-linked report now drawing widespread criticism. →

socket.dev/blog/securit...
Security Community Slams MIT-linked Report Claiming AI Power...
Experts push back on new claims about AI-driven ransomware, warning that hype and sponsored research are distorting how the threat is understood.
socket.dev
October 31, 2025 at 11:32 AM
Reposted by Socket
Socket Security has spotted 10 malicious npm packages.

The thing that stands out is the use of a CAPTCHA challenge in the npm CLI as they're being installed, most likely as a fake-out to convince victims they're installing a legitimate and actively maintained package.

socket.dev/blog/10-npm-...
October 28, 2025 at 6:54 PM
Reposted by Socket
Socket threat researchers found 10 typosquatted npm packages that auto-run via postinstall, display fake CAPTCHAs, fingerprint IPs, and install a cross-platform credential stealer. Together, they’ve been downloaded ~9,900 times. Read the report → socket.dev/blog/10-npm-...
10 npm Typosquatted Packages Deploy Multi-Stage Credential H...
Socket researchers found 10 typosquatted npm packages that auto-run on install, show fake CAPTCHAs, fingerprint by IP, and deploy a credential stealer...
socket.dev
October 28, 2025 at 5:59 PM
The #Ruby ecosystem is entering a new phase of governance for its core package tools. Ruby creator Matz assumes control of RubyGems and Bundler as former maintainers agree to transfer all rights to end the dispute.

socket.dev/blog/ruby-co... cc: @shortruby.com @lucianghinda.com #rubyonrails
Ruby Core Team Assumes Stewardship of RubyGems and Bundler, ...
Ruby's creator Matz assumes control of RubyGems and Bundler repositories while former maintainers agree to step back and transfer all rights to end th...
socket.dev
October 29, 2025 at 9:43 PM
Reposted by Socket
Some fairly convincing typosquats in this campaign - a reminder that typosquatting is still an effective attack vector on npm.

cc: @campuscodi.risky.biz
Socket threat researchers found 10 typosquatted npm packages that auto-run via postinstall, display fake CAPTCHAs, fingerprint IPs, and install a cross-platform credential stealer. Together, they’ve been downloaded ~9,900 times. Read the report → socket.dev/blog/10-npm-...
10 npm Typosquatted Packages Deploy Multi-Stage Credential H...
Socket researchers found 10 typosquatted npm packages that auto-run on install, show fake CAPTCHAs, fingerprint by IP, and deploy a credential stealer...
socket.dev
October 29, 2025 at 2:49 AM
🚀 Socket Launch Week Day 5!

Malicious packages are infiltrating development environments before they ever reach production.

Today we're answering these threats with the release of Socket Firewall Enterprise: configurable, enterprise-grade protection for modern package ecosystems.
October 24, 2025 at 6:27 PM
Reposted by Socket
Today, we’re launching Socket Firewall Enterprise — built to stop malicious packages before they ever reach your apps or developer systems.
October 24, 2025 at 3:56 PM