Socket Blog - Plushcap

Blog URL

socket.dev/blog

Posts YTD

2 ↑ vs 0 last year

Avg Posts/Month

0.0 since 2022

Monthly Post Volume

Start year: 2025 2026

Post Details

Search:

Title	Author	Published	Words	HN Pts
Malicious Chrome Extension Injects Hidden SOL Fees Into Solana Swaps	Kush Pandya	2025-11-25	1,517	--
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent	Sarah Gooding	2025-11-14	644	--
ENISA’s 2025 Threat Landscape: AI Reshapes Cyber Attacks, from Phishing to Supply …	Sarah Gooding	2025-10-16	680	--
The Nightmare Before Deployment	Ahmad Nassri	2025-12-16	603	--
Another Round of TEA Protocol Spam Floods npm, But It’s Not a …	Philipp Burckhardt	2025-11-14	929	--
Introducing Webhook Events for Pull Request Scans	Jeppe Hasseriis	2025-10-22	539	--
Malicious Chrome Extensions “Phantom Shuttle” Masquerade as a VPN to Intercept Traffic …	Kush Pandya	2025-12-22	2,864	--
Malicious NuGet Package Typosquats Popular .NET Tracing Library to Steal Wallet Passwords	Kirill Boychenko	2025-12-15	1,996	--
Unify Your Security Stack with Socket Basics	Douglas Coburn and Eli Insua	2025-10-21	1,150	--
Engineering with AI Podcast: The Promise of AI-First Development	Sarah Gooding	2025-12-24	12,951	--
2025 Report: Destructive Malware in Open Source Packages	Kush Pandya	2025-12-24	1,393	--
Ruby Central Faces Backlash After Publishing Incident Timeline on RubyGems Access Dispute	Sarah Gooding	2025-10-14	2,204	--
Deno 2.6 + Socket: Supply Chain Defense In Your CLI	Sarah Gooding	2025-12-12	520	--
npm Malware Campaign Uses Adspect Cloaking to Deliver Malicious Redirects	Olivia Brown	2025-11-17	3,290	--
Announcing Experimental Malware Scanning for the Hugging Face Ecosystem	Wenxin Jiang	2025-10-20	1,597	--
Critical Security Vulnerability in React Server Components	Sarah Gooding	2025-12-03	395	--
Inside the GitHub Infrastructure Powering North Korea’s Contagious Interview npm Attacks	Kirill Boychenko	2025-11-26	5,010	--
Malicious Go Packages Impersonate Google’s UUID Library and Exfiltrate Data	Kirill Boychenko	2025-12-05	2,004	--
New CNAPulse Dashboard Tracks CNA Activity and Disclosure Trends	Sarah Gooding	2025-10-24	580	--
Announcing Bun and vlt Support in Socket	Ricky Reusser and Eli Insua	2025-11-19	687	--
Scaling Socket from Zero to 10,000+ Organizations	Sarah Gooding	2025-12-02	185	--
North Korea’s Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads	Kirill Boychenko	2025-10-10	3,160	--
Malicious Rust Crate evm-units Serves Cross-Platform Payloads for Silent Execution	Olivia Brown	2025-12-02	1,645	--
Announcing Socket Certified Patches: One-Click Fixes for Vulnerable Dependencies	Mikola Lysenko, Jordan Harband and Jonah Ghebremichael	2025-11-18	1,420	--
131 Spamware Extensions Targeting WhatsApp Flood Chrome Web Store	Kirill Boychenko	2025-10-18	2,418	--
npm Sees Surge of Auto-Generated “elf-stats” Packages Published Every Two Minutes	Olivia Brown	2025-12-03	7,848	--
Malicious NuGet Packages Typosquat Nethereum to Exfiltrate Wallet Keys	Kirill Boychenko	2025-10-22	1,487	--
9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads	Kush Pandya	2025-11-06	2,255	--
The Changelog Podcast: Practical Steps to Stay Safe on npm	Sarah Gooding	2025-10-31	429	--
Vite+ Joins the Push to Consolidate JavaScript Tooling	Sarah Gooding	2025-10-15	551	--
How Enterprise Security Is Adapting to AI-Accelerated Threats	Sarah Gooding	2025-11-04	267	--
Introducing Socket Firewall Enterprise: Flexible, Configurable Protection for Modern Package Ecosystems	Bradley Meck Farias and Dale Bustad	2025-10-24	770	--
npm Revokes Classic Tokens, as OpenJS Warns Maintainers About OIDC Gaps	Sarah Gooding	2025-12-10	1,318	--
ENISA Becomes a CVE Root, Expanding Its Role in Europe’s Vulnerability Ecosystem	Sarah Gooding	2025-11-21	566	--
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and …	Nicholas Anderson and Kirill Boychenko	2025-12-23	2,631	--
Rust RFC Proposes a Security Tab on crates.io for RustSec Advisories	Sarah Gooding	2025-12-09	1,073	--
November CVEs Fell 25% YoY, Driven by Slowdowns at Major CNAs	Sarah Gooding	2025-12-04	596	--
TypeScript 6.0 Will Be the Last JavaScript-Based Major Release	Sarah Gooding	2025-12-03	853	--
Socket Firewall Now Available in Docker Hardened Images	Sarah Gooding	2025-12-17	504	--
New React Server Components Vulnerabilities: DoS and Source Code Exposure	Sarah Gooding	2025-12-12	388	--
Introducing Webhook Events for Alert Changes	Phil Gates-Idem	2025-11-21	728	--
Shai Hulud Strikes Again (v2)	Socket Research Team	2025-11-24	3,910	--
Meet Socket at Black Hat Europe and BSides London 2025	Anders Søndergaard	2025-11-11	338	--
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover	Kirill Boychenko	2025-11-12	1,371	--
Introducing Socket Scanning for OpenVSX Extensions	Mix Irving and Ryan Eberhardt	2025-11-20	954	--
175 Malicious npm Packages Host Phishing Infrastructure Targeting 135+ Organizations	Kush Pandya	2025-10-09	2,193	--
Reachability for Ruby Now in Beta	Oskar Haarklou Veileborg	2025-11-17	572	--
Malicious Crate Mimicking ‘Finch’ Exfiltrates Credentials via a Hidden Dependency	Kush Pandya	2025-12-05	1,650	--
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain …	Sarah Gooding	2025-12-11	10,160	--
Socket Integrates With Bun 1.3’s Security Scanner API	Ahmad Nassri and Bradley Meck Farias	2025-10-10	691	--
Ruby Core Team Assumes Stewardship of RubyGems and Bundler, Former Maintainers Offer …	Sarah Gooding	2025-10-29	1,352	--
OWASP 2025 Top 10 Adds Software Supply Chain Failures, Ranked Top Community …	Sarah Gooding	2025-11-08	896	--
10 npm Typosquatted Packages Deploy Multi-Stage Credential Harvester	Kush Pandya	2025-10-28	2,559	--
Security Community Slams MIT-linked Report Claiming AI Powers 80% of Ransomware	Sarah Gooding	2025-10-30	1,140	--
Weaponizing Discord for Command and Control Across npm, PyPI, and RubyGems.org	Olivia Brown	2025-10-11	1,952	--
Google’s OSV Fix Just Added 500+ New Advisories — All Thanks to …	Jonathan Leitschuh	2025-10-10	940	--
Introducing GitHub Actions Scanning Support	Rakesh Chatrath and Greg Tystahl	2025-10-23	806	--
npm to Implement Staged Publishing After Turbulent Shift Off Classic Tokens	Sarah Gooding	2026-01-07	1,310	--
GitHub Actions Pricing Whiplash: Self-Hosted Actions Billing Change Postponed	Sarah Gooding	2026-01-05	1,672	--

Plushcap, by Matt Makai. 2021-2026.