Socket Blog - Plushcap

Blog URL

socket.dev/blog

Posts YTD

56 ↑ vs 0 last year

Avg Posts/Month

0.0 since 2026

Monthly Post Volume

Start year: 2025 2026

Post Details

Search:

Title	Author	Published	Words	HN Pts
npm to Implement Staged Publishing After Turbulent Shift Off Classic Tokens	Sarah Gooding	2026-01-07	1,310	--
GitHub Actions Pricing Whiplash: Self-Hosted Actions Billing Change Postponed	Sarah Gooding	2026-01-05	1,672	--
Tailwind CSS Announces 75% Layoffs as LLMs Reshape OSS Business Models	Sarah Gooding	2026-01-08	1,595	--
Malicious Chrome Extension Steals MEXC API Keys for Account Takeover	Kirill Boychenko	2026-01-12	2,448	--
Insecure Agents Podcast: Certified Patches, Supply Chain Security, and AI Agents	Sarah Gooding	2026-01-08	339	--
CVE Volume Surges Past 48,000 in 2025 as WordPress Plugin Ecosystem Drives …	Sarah Gooding	2026-01-09	785	--
Node.js Fixes AsyncLocalStorage Crash Bug That Could Take Down Production Servers	Sarah Gooding	2026-01-14	1,050	--
Rust Support in Socket Is Now Generally Available	Trevor Norris	2026-01-19	562	--
Temporal API Ships in Chrome 144, Marking a Major Shift for JavaScript …	Sarah Gooding	2026-01-16	640	--
5 Malicious Chrome Extensions Enable Session Hijacking in Enterprise HR and ERP …	Kush Pandya	2026-01-15	3,972	--
Introducing Custom Tabs for Org Alerts	André Staltz	2026-01-20	436	--
Introducing Immutable Scans	Nolan Lawson	2026-01-23	804	--
Introducing Supply Chain Attack Campaigns Tracking in the Socket Dashboard	Philipp Burckhardt	2026-01-21	759	--
curl Shuts Down Bug Bounty Program After Flood of AI Slop Reports	Sarah Gooding	2026-01-23	1,027	--
Introducing the Alert Details Page: A Better Way to Explore Alerts	André Staltz	2026-01-22	512	--
PyPI Package Impersonates SymPy to Deliver Cryptomining Malware	Kirill Boychenko	2026-01-21	1,669	--
Node.js 25.4.0 Ships with Stable require(esm)	Sarah Gooding	2026-01-21	591	--
crates.io Ships Security Tab and Tightens Publishing Controls	Sarah Gooding	2026-01-27	812	--
Malicious Chrome Extension Performs Hidden Affiliate Hijacking	Kush Pandya	2026-01-27	1,426	--
Federal Government Rescinds Software Supply Chain Mandates, Makes SBOMs Optional	Sarah Gooding	2026-01-28	541	--
n8n Tops 2025 JavaScript Rising Stars as Workflow Platforms Gain Momentum	Sarah Gooding	2026-01-29	789	--
GlassWorm Loader Hits Open VSX via Developer Account Compromise	Kirill Boychenko	2026-01-31	2,317	--
Inside Lodash’s Security Reset and Maintenance Reboot	Sarah Gooding	2026-01-31	1,528	--
Open VSX Begins Implementing Pre-Publish Security Checks After Repeated Supply Chain Incidents	Sarah Gooding	2026-02-02	811	--
gem.coop Tests Dependency Cooldowns as Package Ecosystems Move to Slow Down Attacks	Sarah Gooding	2026-02-05	444	--
Malicious dYdX Packages Published to npm and PyPI After Maintainer Compromise	Kush Pandya	2026-02-06	2,458	--
The Next Open Source Security Race: Triage at Machine Speed	Sarah Gooding	2026-02-06	1,361	--
AI Agent Submits PR to Matplotlib, Publishes Angry Blog Post After Rejection	Sarah Gooding	2026-02-12	1,959	--
Cline CLI npm Package Compromised via Suspected Cache Poisoning Attack	Sarah Gooding	2026-02-18	1,079	--
Four Malicious NuGet Packages Target ASP.NET Developers With JIT Hooking and Credential …	Kush Pandya	2026-02-23	3,466	--
Malicious Chrome Extension Steals Meta Business Manager Exports and TOTP 2FA Seeds	Kirill Boychenko	2026-02-13	2,621	--
Socket Joins the OpenJS Foundation	Sarah Gooding	2026-02-19	414	--
SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains	Socket Research Team	2026-02-20	7,183	--
AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold …	Sarah Gooding	2026-02-14	1,922	--
Socket Brings Supply Chain Security to skills.sh	Wenxin Jiang and Alexandros Kapravelos	2026-02-17	701	--
High-Severity RCE Vulnerability Disclosed in next-mdx-remote	Sarah Gooding	2026-02-12	630	--
Introducing PHP and Composer Support in Socket	Trevor Norris	2026-02-17	980	--
OpenClaw Skill Marketplace Emerges as Active Malware Vector	Sarah Gooding	2026-02-09	1,205	--
Socket Security Analysis Is Now One Click Away on npm	Sarah Gooding	2026-02-19	474	--
npm Introduces minimumReleaseAge and Bulk OIDC Configuration	Sarah Gooding	2026-02-26	669	--
Risky Biz Podcast: Open Source Risk Is Compounding as AI Agents Write …	Sarah Gooding	2026-02-24	222	--
Malicious Go “crypto” Module Steals Passwords and Deploys Rekoobe Backdoor	Kirill Boychenko	2026-02-26	2,254	--
StegaBin: 26 Malicious npm Packages Use Pastebin Steganography to Deploy Multi-Stage Credential …	Philipp Burckhardt and Peter van der Zee	2026-02-27	4,377	--
minimatch Patches 3 High-Severity ReDoS Vulnerabilities	Sarah Gooding	2026-02-28	729	--
Unauthorized AI Agent Execution Code Published to OpenVSX in Aqua Trivy VS …	Peter van der Zee and Philipp Burckhardt	2026-03-02	3,627	--
Meet the Socket Team at RSAC and BSidesSF 2026	Sarah Gooding	2026-03-03	415	--
Malicious Packagist Packages Disguised as Laravel Utilities Deploy Encrypted RAT	Kush Pandya	2026-03-03	1,593	--
Socket Named a Supply Chain Innovator in Latio's 2026 Application Security Market …	Sarah Gooding	2026-03-05	461	--
Fake imToken Chrome Extension Steals Seed Phrases via Phishing Redirects	Kirill Boychenko	2026-03-05	1,877	--
OpenClaw Advisory Surge Highlights Gaps Between GHSA and CVE Tracking	Sarah Gooding	2026-03-10	1,307	--
5 Malicious Rust Crates Posed as Time Utilities to Exfiltrate .env Files	Kirill Boychenko	2026-03-10	1,741	--
Node.js Moves to Annual Major Releases Starting with Node 27	Sarah Gooding	2026-03-11	981	--
GCVE Launches Decentralized Publishing Ecosystem for Vulnerability Disclosure	Sarah Gooding	2026-03-12	1,103	--
6 Malicious Packagist Themes Ship Trojanized jQuery and FUNNULL Redirect Payloads	Kush Pandya	2026-03-12	2,517	--
72 Malicious Open VSX Extensions Linked to GlassWorm Campaign Now Using Transitive …	Socket Research Team	2026-01-31	1,820	--
TC39 Advances Temporal to Stage 4 Alongside Several ECMAScript Proposals	Sarah Gooding	2026-03-16	706	--

Plushcap, by Matt Makai. 2021-2026.