Socket Blog - Plushcap

Blog URL

socket.dev/blog

Posts YTD

39 ↑ vs 0 last year

Avg Posts/Month

0.0 since 2022

Monthly Post Volume

Start year: 2025 2026

Post Details

Search:

Title	Author	Published	Words	HN Pts
Malicious Chrome Extension Injects Hidden SOL Fees Into Solana Swaps	Kush Pandya	2025-11-25	1,517	--
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent	Sarah Gooding	2025-11-14	644	--
ENISA’s 2025 Threat Landscape: AI Reshapes Cyber Attacks, from Phishing to Supply …	Sarah Gooding	2025-10-16	680	--
The Nightmare Before Deployment	Ahmad Nassri	2025-12-16	603	--
Another Round of TEA Protocol Spam Floods npm, But It’s Not a …	Philipp Burckhardt	2025-11-14	929	--
Introducing Webhook Events for Pull Request Scans	Jeppe Hasseriis	2025-10-22	539	--
Malicious Chrome Extensions “Phantom Shuttle” Masquerade as a VPN to Intercept Traffic …	Kush Pandya	2025-12-22	2,864	--
Malicious NuGet Package Typosquats Popular .NET Tracing Library to Steal Wallet Passwords	Kirill Boychenko	2025-12-15	1,996	--
Unify Your Security Stack with Socket Basics	Douglas Coburn and Eli Insua	2025-10-21	1,150	--
Engineering with AI Podcast: The Promise of AI-First Development	Sarah Gooding	2025-12-24	12,951	--
2025 Report: Destructive Malware in Open Source Packages	Kush Pandya	2025-12-24	1,393	--
Ruby Central Faces Backlash After Publishing Incident Timeline on RubyGems Access Dispute	Sarah Gooding	2025-10-14	2,204	--
Deno 2.6 + Socket: Supply Chain Defense In Your CLI	Sarah Gooding	2025-12-12	520	--
npm Malware Campaign Uses Adspect Cloaking to Deliver Malicious Redirects	Olivia Brown	2025-11-17	3,290	--
Announcing Experimental Malware Scanning for the Hugging Face Ecosystem	Wenxin Jiang	2025-10-20	1,597	--
Critical Security Vulnerability in React Server Components	Sarah Gooding	2025-12-03	395	--
Inside the GitHub Infrastructure Powering North Korea’s Contagious Interview npm Attacks	Kirill Boychenko	2025-11-26	5,010	--
Malicious Go Packages Impersonate Google’s UUID Library and Exfiltrate Data	Kirill Boychenko	2025-12-05	2,004	--
New CNAPulse Dashboard Tracks CNA Activity and Disclosure Trends	Sarah Gooding	2025-10-24	580	--
Announcing Bun and vlt Support in Socket	Ricky Reusser and Eli Insua	2025-11-19	687	--
Scaling Socket from Zero to 10,000+ Organizations	Sarah Gooding	2025-12-02	185	--
North Korea’s Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads	Kirill Boychenko	2025-10-10	3,160	--
Malicious Rust Crate evm-units Serves Cross-Platform Payloads for Silent Execution	Olivia Brown	2025-12-02	1,645	--
Announcing Socket Certified Patches: One-Click Fixes for Vulnerable Dependencies	Mikola Lysenko, Jordan Harband and Jonah Ghebremichael	2025-11-18	1,420	--
131 Spamware Extensions Targeting WhatsApp Flood Chrome Web Store	Kirill Boychenko	2025-10-18	2,418	--
npm Sees Surge of Auto-Generated “elf-stats” Packages Published Every Two Minutes	Olivia Brown	2025-12-03	7,848	--
Malicious NuGet Packages Typosquat Nethereum to Exfiltrate Wallet Keys	Kirill Boychenko	2025-10-22	1,487	--
9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads	Kush Pandya	2025-11-06	2,255	--
The Changelog Podcast: Practical Steps to Stay Safe on npm	Sarah Gooding	2025-10-31	429	--
Vite+ Joins the Push to Consolidate JavaScript Tooling	Sarah Gooding	2025-10-15	551	--
How Enterprise Security Is Adapting to AI-Accelerated Threats	Sarah Gooding	2025-11-04	267	--
Introducing Socket Firewall Enterprise: Flexible, Configurable Protection for Modern Package Ecosystems	Bradley Meck Farias and Dale Bustad	2025-10-24	770	--
npm Revokes Classic Tokens, as OpenJS Warns Maintainers About OIDC Gaps	Sarah Gooding	2025-12-10	1,318	--
ENISA Becomes a CVE Root, Expanding Its Role in Europe’s Vulnerability Ecosystem	Sarah Gooding	2025-11-21	566	--
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and …	Nicholas Anderson and Kirill Boychenko	2025-12-23	2,631	--
Rust RFC Proposes a Security Tab on crates.io for RustSec Advisories	Sarah Gooding	2025-12-09	1,073	--
November CVEs Fell 25% YoY, Driven by Slowdowns at Major CNAs	Sarah Gooding	2025-12-04	596	--
TypeScript 6.0 Will Be the Last JavaScript-Based Major Release	Sarah Gooding	2025-12-03	853	--
Socket Firewall Now Available in Docker Hardened Images	Sarah Gooding	2025-12-17	504	--
New React Server Components Vulnerabilities: DoS and Source Code Exposure	Sarah Gooding	2025-12-12	388	--
Introducing Webhook Events for Alert Changes	Phil Gates-Idem	2025-11-21	728	--
Shai Hulud Strikes Again (v2)	Socket Research Team	2025-11-24	3,910	--
Meet Socket at Black Hat Europe and BSides London 2025	Anders Søndergaard	2025-11-11	338	--
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover	Kirill Boychenko	2025-11-12	1,371	--
Introducing Socket Scanning for OpenVSX Extensions	Mix Irving and Ryan Eberhardt	2025-11-20	954	--
175 Malicious npm Packages Host Phishing Infrastructure Targeting 135+ Organizations	Kush Pandya	2025-10-09	2,193	--
Reachability for Ruby Now in Beta	Oskar Haarklou Veileborg	2025-11-17	572	--
Malicious Crate Mimicking ‘Finch’ Exfiltrates Credentials via a Hidden Dependency	Kush Pandya	2025-12-05	1,650	--
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain …	Sarah Gooding	2025-12-11	10,160	--
Socket Integrates With Bun 1.3’s Security Scanner API	Ahmad Nassri and Bradley Meck Farias	2025-10-10	691	--
Ruby Core Team Assumes Stewardship of RubyGems and Bundler, Former Maintainers Offer …	Sarah Gooding	2025-10-29	1,352	--
OWASP 2025 Top 10 Adds Software Supply Chain Failures, Ranked Top Community …	Sarah Gooding	2025-11-08	896	--
10 npm Typosquatted Packages Deploy Multi-Stage Credential Harvester	Kush Pandya	2025-10-28	2,559	--
Security Community Slams MIT-linked Report Claiming AI Powers 80% of Ransomware	Sarah Gooding	2025-10-30	1,140	--
Weaponizing Discord for Command and Control Across npm, PyPI, and RubyGems.org	Olivia Brown	2025-10-11	1,952	--
Google’s OSV Fix Just Added 500+ New Advisories — All Thanks to …	Jonathan Leitschuh	2025-10-10	940	--
Introducing GitHub Actions Scanning Support	Rakesh Chatrath and Greg Tystahl	2025-10-23	806	--
npm to Implement Staged Publishing After Turbulent Shift Off Classic Tokens	Sarah Gooding	2026-01-07	1,310	--
GitHub Actions Pricing Whiplash: Self-Hosted Actions Billing Change Postponed	Sarah Gooding	2026-01-05	1,672	--
Tailwind CSS Announces 75% Layoffs as LLMs Reshape OSS Business Models	Sarah Gooding	2026-01-08	1,595	--
Malicious Chrome Extension Steals MEXC API Keys for Account Takeover	Kirill Boychenko	2026-01-12	2,448	--
Insecure Agents Podcast: Certified Patches, Supply Chain Security, and AI Agents	Sarah Gooding	2026-01-08	339	--
CVE Volume Surges Past 48,000 in 2025 as WordPress Plugin Ecosystem Drives …	Sarah Gooding	2026-01-09	785	--
Node.js Fixes AsyncLocalStorage Crash Bug That Could Take Down Production Servers	Sarah Gooding	2026-01-14	1,050	--
Rust Support in Socket Is Now Generally Available	Trevor Norris	2026-01-19	562	--
Temporal API Ships in Chrome 144, Marking a Major Shift for JavaScript …	Sarah Gooding	2026-01-16	640	--
5 Malicious Chrome Extensions Enable Session Hijacking in Enterprise HR and ERP …	Kush Pandya	2026-01-15	3,972	--
Introducing Custom Tabs for Org Alerts	André Staltz	2026-01-20	436	--
Introducing Immutable Scans	Nolan Lawson	2026-01-23	804	--
Introducing Supply Chain Attack Campaigns Tracking in the Socket Dashboard	Philipp Burckhardt	2026-01-21	759	--
curl Shuts Down Bug Bounty Program After Flood of AI Slop Reports	Sarah Gooding	2026-01-23	1,027	--
Introducing the Alert Details Page: A Better Way to Explore Alerts	André Staltz	2026-01-22	512	--
PyPI Package Impersonates SymPy to Deliver Cryptomining Malware	Kirill Boychenko	2026-01-21	1,669	--
Node.js 25.4.0 Ships with Stable require(esm)	Sarah Gooding	2026-01-21	591	--
crates.io Ships Security Tab and Tightens Publishing Controls	Sarah Gooding	2026-01-27	812	--
Malicious Chrome Extension Performs Hidden Affiliate Hijacking	Kush Pandya	2026-01-27	1,426	--
Federal Government Rescinds Software Supply Chain Mandates, Makes SBOMs Optional	Sarah Gooding	2026-01-28	541	--
n8n Tops 2025 JavaScript Rising Stars as Workflow Platforms Gain Momentum	Sarah Gooding	2026-01-29	789	--
GlassWorm Loader Hits Open VSX via Developer Account Compromise	Kirill Boychenko	2026-01-31	2,317	--
Inside Lodash’s Security Reset and Maintenance Reboot	Sarah Gooding	2026-01-31	1,528	--
Open VSX Begins Implementing Pre-Publish Security Checks After Repeated Supply Chain Incidents	Sarah Gooding	2026-02-02	811	--
gem.coop Tests Dependency Cooldowns as Package Ecosystems Move to Slow Down Attacks	Sarah Gooding	2026-02-05	444	--
Malicious dYdX Packages Published to npm and PyPI After Maintainer Compromise	Kush Pandya	2026-02-06	2,458	--
The Next Open Source Security Race: Triage at Machine Speed	Sarah Gooding	2026-02-06	1,361	--
AI Agent Submits PR to Matplotlib, Publishes Angry Blog Post After Rejection	Sarah Gooding	2026-02-12	1,959	--
Cline CLI npm Package Compromised via Suspected Cache Poisoning Attack	Sarah Gooding	2026-02-18	1,079	--
Four Malicious NuGet Packages Target ASP.NET Developers With JIT Hooking and Credential …	Kush Pandya	2026-02-23	3,466	--
Malicious Chrome Extension Steals Meta Business Manager Exports and TOTP 2FA Seeds	Kirill Boychenko	2026-02-13	2,621	--
Socket Joins the OpenJS Foundation	Sarah Gooding	2026-02-19	414	--
SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains	Socket Research Team	2026-02-20	7,183	--
AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold …	Sarah Gooding	2026-02-14	1,922	--
Socket Brings Supply Chain Security to skills.sh	Wenxin Jiang and Alexandros Kapravelos	2026-02-17	701	--
High-Severity RCE Vulnerability Disclosed in next-mdx-remote	Sarah Gooding	2026-02-12	630	--
Introducing PHP and Composer Support in Socket	Trevor Norris	2026-02-17	980	--
OpenClaw Skill Marketplace Emerges as Active Malware Vector	Sarah Gooding	2026-02-09	1,205	--
Socket Security Analysis Is Now One Click Away on npm	Sarah Gooding	2026-02-19	474	--

Plushcap, by Matt Makai. 2021-2026.