May 2026 Summaries
27 posts from Socket
Filter
Month:
Year:
Post Summaries
Back to Blog
Malicious obfuscated JavaScript was discovered in the development branch "drewroberts/feature/test-case" of the PHP package "roberts/leads" on Packagist, a legitimate Laravel package associated with Drew Roberts. The compromised code was flagged by Socket AI Scanner as malware and was found in the "tailwind.js" file, masquerading as normal Tailwind configuration but actually behaving as a JavaScript malware loader. This malicious code, likely the result of a developer or repository compromise rather than a new malicious package, uses blockchain infrastructure, including TRON, Aptos, and BNB Smart Chain, to retrieve encrypted payloads, which it then decrypts and executes, potentially launching hidden Node.js processes. The issue was reported to the Packagist security team and the package maintainer, prompting swift removal of the malicious version. This incident bears resemblance to a North Korean APT supply chain attack, targeting developers through fake job interviews or developer tasks by exploiting trusted developer infrastructure. The attack was confined to a dev/test branch, reducing the risk of accidental mass installation, but highlighting the need for vigilance in reviewing unfamiliar build instructions and configurations.
May 31, 2026
1,667 words in the original blog post.
Rust, a programming language known for its safety and performance, has topped Stack Overflow's most-admired language survey for nine years and has become a focus for AI-assisted development due to its strict compiler, which provides immediate feedback. However, this has led to an influx of low-effort AI-generated pull requests (PRs) to its repository, prompting the Rust project to propose a policy that restricts AI use in code contributions. This policy, submitted by Jynn Nelson, permits the use of AI for learning and code analysis but prohibits AI-authored code in official contributions unless under strict conditions. The proposal has sparked debate among Rust's leadership, with concerns that it may hinder future contributors who rely on AI tools, and some argue that it should focus more on the review obligations of maintainers rather than restricting contributors. The policy's complexity and potential impact on contributor engagement have been contentious, with some leaders viewing it as a starting point for ongoing discussions. The approach contrasts with other open-source projects that range from full bans to conditional allowances for AI-generated contributions, and the Rust project's policy currently applies only to its main repository, with ongoing discussions about broader implementation.
May 31, 2026
1,288 words in the original blog post.
Sicoob.Sdk versions 2.0.0 through 2.0.4 were maliciously designed to exfiltrate sensitive banking credentials, including client IDs and PFX passwords, via a third-party Sentry endpoint, posing a significant security risk. The package, which purported to be an official C# SDK for Sicoob API integrations, was hosted on NuGet and appeared to have a clean-source façade on GitHub, yet the NuGet artifact contained concealed exfiltration logic not present in the visible source. The fraudulent package was part of an impersonation effort, misleadingly presented under Sicoob branding and linked to an unauthorized GitHub organization, Sicoob-Cooperativa, unverified and lacking official confirmation from Sicoob. The exfiltration allowed potential impersonation of Sicoob's API clients, threatening account integrity and exposing sensitive financial data. The malicious activity was promptly reported, leading to NuGet's blockage of the package and highlighting the importance of vigilant supply chain security and verification of developer tools.
May 28, 2026
2,654 words in the original blog post.
Socket CEO Feross Aboukhadijeh discussed the company's recent $60 million Series C funding led by Thrive Capital, highlighting a significant 500%+ ARR growth over the past year due to heightened awareness of software supply chain security. The conversation explored the challenges posed by AI-generated third-party code, the discovery of numerous vulnerabilities by advanced AI models, and the increasing trend of attackers targeting open-source components to infiltrate organizations. Socket's Certified Patches offer a solution by providing AI-driven fixes to vulnerabilities without requiring immediate upstream patches, addressing the overwhelming burden on open-source maintainers. Aboukhadijeh emphasized the urgency of the issue, noting that many companies now prioritize software supply chain security at the board level, as evidenced by multiple supply chain attacks occurring even during high-demand periods such as quarter-end. The discussion also touched on the speculative nature of recent attacks and the ongoing threat posed by groups like Team PCP, reflecting the evolving landscape of cybersecurity challenges.
May 27, 2026
1,834 words in the original blog post.
On May 26, OSV, supported by the OpenSSF, retracted 157 false reports of malicious packages after automated detections mistakenly flagged several npm and PyPI packages, including FastAPI, Strawberry GraphQL, and others, as malware. This withdrawal occurred in response to incorrect data being introduced to security tools and CI/CD systems, which could disrupt builds and force maintainers to prove their projects' integrity. The issue arose from Amazon Inspector, an automated vulnerability management service, which was integrated into OpenSSF’s pipeline in 2025, leading to unvalidated reports being classified as malicious code. These false positives, resulting from automated reports, caused significant disruption by triggering incident responses and build failures before maintainers could address the inaccuracies. The rollback was a corrective measure to restore confidence in the OSV data source, highlighting the challenges of relying on automated detections in public package intelligence.
May 27, 2026
659 words in the original blog post.
Socket researchers have uncovered an active supply chain attack named TrapDoor, targeting the npm, PyPI, and Crates.io ecosystems with over 34 malicious packages and 384 associated versions. This campaign is designed to steal developer secrets, crypto wallets, SSH keys, cloud credentials, and other sensitive data by masquerading as generic developer tools. It uses ecosystem-specific execution paths, such as postinstall hooks in npm, import-time execution in PyPI, and build.rs scripts in Crates.io, to infiltrate developer environments. The attack is particularly aimed at communities involved in crypto, DeFi, Solana, and AI, using a shared payload, trap-core.js, to scan for and validate credentials and plant persistence mechanisms. The campaign exhibits coordinated infrastructure, with ties across all three ecosystems, and is linked to the GitHub account ddjidd564, which hosts attacker-authored material and opens pull requests to inject malicious AI-targeted instructions into open-source projects. The attack emphasizes the evolving nature of supply chain threats that leverage the entire developer workflow, with Socket detecting the campaign through cross-registry analysis.
May 24, 2026
5,697 words in the original blog post.
A compromise in the community-maintained Laravel Lang project has led to the insertion of remote code execution backdoors into several packages, including laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/attributes, and laravel-lang/actions, affecting over 700 historical versions. These are third-party localization packages used in Laravel applications but are not part of the official Laravel framework. The compromise was revealed through unusual, rapid publication of tags across multiple repositories, suggesting a broader breach of the Laravel Lang organization's release process. The malicious code, rooted in a file named src/helpers.php, executes automatically upon any PHP request due to its registration in composer.json under autoload.files, allowing it to act as a complex credential-harvesting framework targeting various sensitive data across cloud services, CI/CD pipelines, password managers, and more. The payload dynamically builds its Command and Control (C2) hostname to evade detection, retrieves additional malicious payloads, and executes them, while Aikido Security and Socket have publicly disclosed this breach to alert the Laravel and PHP communities. Affected teams are advised to treat systems as potentially compromised, rotate exposed credentials, and rebuild affected environments from known-good images while preserving logs and artifacts for further analysis.
May 23, 2026
6,365 words in the original blog post.
Open source software is undergoing a transformative shift driven by the rise of AI tools, which are not only accelerating the production of new packages but also altering the dynamics between maintainers and contributors. The surge in npm packages, marked by a significant increase in those likely authored by AI, indicates a superhuman rate of development, challenging the traditional landscape of software supply chains. While AI-generated software often surpasses human selections, it has led to a flood of low-quality automated contributions, prompting maintainers to reconsider their approaches to pull requests and community engagement. Consequently, dependency shopping is becoming more automated, with AI increasingly dictating the selection and integration of software components, turning the supply chain into an opaque system where manual review is impractical. This evolution necessitates a reliance on automated tools to ensure security and transparency amidst the rapid, AI-driven changes in open source software development.
May 22, 2026
1,356 words in the original blog post.
Researchers at Socket identified a coordinated supply chain attack targeting eight Composer packages on Packagist, which included a malicious postinstall script in their package.json files. This script attempted to download and execute a binary from a GitHub Releases URL, exploiting the fact that these packages shipped JavaScript build tooling alongside PHP code. The attack highlighted a vulnerability where developers might overlook package.json scripts while focusing on Composer metadata. The malicious script was detected across eight different package versions, downloading an unauthenticated binary and executing it in the background with weakened security measures. The attack appeared to be part of a broader campaign, as further GitHub searches revealed numerous instances of similar scripts across various Node.js repositories. Researchers found that the malicious scripts were introduced through commits to upstream GitHub repositories, which were then reflected in Packagist's branch-tracking package versions. This incident underscores the importance for developers to inspect package.json files within Packagist packages that include JavaScript build tooling, as these scripts can provide a pathway for remote code execution during installation or build processes. Socket flagged the affected packages and reported them to Packagist, which removed them to mitigate the risk.
May 22, 2026
1,356 words in the original blog post.
Npm implemented a platform-wide credential reset on May 19, invalidating all granular access tokens with write access that bypass two-factor authentication, in response to a security breach involving the unauthorized publication of malicious package versions in the JavaScript ecosystem. This reset was prompted by a sustained campaign, dubbed Mini Shai-Hulud, which exploited vulnerabilities in npm and GitHub, affecting numerous packages including those in the @antv and TanStack ecosystems. Despite the reset, which aims to cut off credentials already harvested by the attackers, it does not address the root vulnerabilities, as the recent breaches bypassed existing security measures like Trusted Publishing. In tandem with the reset, npm introduced staged publishing to add an approval step requiring multi-factor authentication before a package becomes publicly available, offering a potential countermeasure against similar future attacks. However, the adoption of these security features across the ecosystem remains inconsistent, leaving the effectiveness of these measures in preventing future attacks uncertain.
May 21, 2026
1,477 words in the original blog post.
Socket has announced a $60 million Series C funding round at a valuation of $1 billion, led by Thrive Capital, with participation from Andreessen Horowitz, Abstract Ventures, and Capital One Ventures, raising its total funding to $125 million. This funding will support Socket's mission to protect the software supply chain, particularly as AI accelerates the volume of open-source code entering production. Socket addresses the vulnerabilities in open-source software by analyzing dependencies' real-time behavior, blocking malicious packages before they reach a developer's environment, and providing precise CVE triage through features like Socket Firewall and Certified Patches. Since its Series B, Socket has expanded its customer base to over 27,000 organizations, securing millions of repositories and commits monthly, and plans to enhance its platform with further investments in security tools, product launches, and team growth. The company has gained traction with high-profile AI organizations and Fortune 100 companies, emphasizing the importance of real-time threat detection in an era where AI significantly impacts software development and security.
May 20, 2026
1,813 words in the original blog post.
Socket, a developer-first security platform, has achieved unicorn status with a $60 million Series C funding round led by Thrive Capital, elevating its valuation to $1 billion. As AI continues to revolutionize software development, enterprises are increasingly focused on securing the influx of open-source code without compromising development speed. Socket addresses this need by analyzing the behavior of open-source dependencies to identify and block malicious threats before they enter production, offering real-time detection of novel attacks beyond known vulnerability databases. The recent compromise of a widely used JavaScript package underscores the urgency of robust software supply chain security, a concern highlighted by the OWASP Top 10:2025 survey, where such failures ranked as a top priority. With customers including prominent tech firms and Fortune 100 companies, Socket combines AI-assisted analysis with human verification to help organizations manage dependency risks effectively.
May 20, 2026
551 words in the original blog post.
On May 20, 2026, the Socket Threat Research team discovered a sophisticated watering-hole attack targeting iOS devices through a compromised npm package called art-template, a popular JavaScript templating library. The attack involved a package supply-chain compromise, where the new maintainer of the art-template package released backdoored versions that concealed and then openly injected malicious scripts into iOS browsers. The payload, specifically targeting Safari on iOS versions 11.0 through 17.2, used various techniques to evade detection and fingerprint devices, focusing on CPU architecture and iOS version to deliver exploit kits. The package compromise mirrored characteristics of the Coruna exploit kit, attributed to Chinese threat actor UNC6691, highlighting extensive overlaps in targeting techniques and infrastructure, such as version-specific WASM memory offsets, XOR obfuscation patterns, and .xyz domain usage for command and control. The operation aimed to exploit unpatched iOS devices, avoiding newer versions like iOS 17.3+, suggesting a boundary consistent with a patched vulnerability, and featured anti-bot and anti-automation mechanisms to ensure the payload reached valid targets.
May 20, 2026
7,102 words in the original blog post.
Socket's Threat Research team has identified a significant npm supply chain attack, affecting packages within the @antv ecosystem and others tied to a compromised npm maintainer account. This attack, part of a pattern known as Mini Shai-Hulud, involves the malicious publishing of hundreds of npm packages, including popular ones like echarts-for-react, which sees around 1.1 million weekly downloads. The attack exploits package lifecycle scripts to execute a heavily obfuscated JavaScript payload at install time, targeting developer environments and CI/CD systems by seeking sensitive credentials and secrets. The payload also incorporates various exfiltration methods, including direct HTTPS and a GitHub-based fallback mechanism, to transmit stolen data securely and covertly. Socket identified 639 compromised package versions across 323 packages in a recent wave, with the overall campaign spanning npm, PyPI, and Composer, highlighting the extensive reach and potential impact on organizations relying on these packages. This incident underscores the vulnerabilities in the npm ecosystem and the risks associated with automated dependency updates, as Socket continues to investigate and monitor the evolving threat landscape.
May 19, 2026
10,666 words in the original blog post.
Socket's Threat Research Team discovered a malicious Go module, github.com/shopsprint/decimal, which is a typosquat of the legitimate github.com/shopspring/decimal library used for arbitrary precision arithmetic in the Go ecosystem. This malicious module was weaponized on August 19, 2023, with version v1.3.3 introducing a harmful init() function that opens a DNS TXT record command-and-control channel to a threat actor's subdomain. Although the GitHub repository and owner account for shopsprint have been removed, the malicious version is still accessible through proxy.golang.org. The attack uses a "trust-then-poison" pattern, where the module appeared benign for years before being weaponized. The malicious code, which can execute arbitrary commands on affected machines, exploits Go's package initialization to run in the background without user-visible output. The persistence of this threat is facilitated by Go's reproducibility model, which caches module artifacts indefinitely. This incident highlights the vulnerabilities in software supply chains, particularly through typosquatting, and underscores the importance of vigilant dependency management and security practices in development environments.
May 19, 2026
2,564 words in the original blog post.
TeamPCP, a group known for targeting security tools and critical open-source infrastructure, is promoting a competition on BreachForums that incentivizes participants to compromise open-source packages using Shai-Hulud, an open-source attack tool they released. The contest offers a $1,000 reward in Monero for participants who can achieve the most significant compromises, judged by download counts of affected packages, which can include both high-impact single targets and a combination of smaller ones. Despite the seemingly small reward for the level of access required—potentially exposing sensitive CI/CD secrets, cloud credentials, and downstream enterprise environments—the competition acts as a recruitment strategy for lower-tier actors, turning the supply chain compromise into a leaderboard for recognition. This move has been criticized as a public stunt that trivializes modern security efforts and encourages copycat attacks, further burdening maintainers and security teams already grappling with persistent open-source supply chain vulnerabilities.
May 14, 2026
710 words in the original blog post.
Recent versions of the npm package node-ipc have been deemed malicious by Socket's threat feed, detected within minutes of publication. The affected versions—9.1.6, 9.2.3, and 12.0.1—contain obfuscated malware designed to fingerprint host environments, read and compress local files, and exfiltrate data via DNS. This malicious activity seems linked to a dormant maintainer account compromised through an expired email domain. The threat involves the CommonJS entrypoint, which executes the payload that collects sensitive data from developer environments and attempts exfiltration through DNS queries. The payload does not persist but can be triggered again if called by other code. Developers are advised to avoid installing these versions and audit any installations of node-ipc, particularly those versions. The investigation is ongoing, and further analysis by Socket’s Threat Research team aims to confirm the full scope of the compromise and extract indicators of compromise.
May 14, 2026
2,650 words in the original blog post.
Socket's threat research team has been investigating a dubious campaign dubbed "GemStuffer" that utilizes the RubyGems registry as a data transport mechanism rather than for traditional malware distribution. The campaign involves over 100 RubyGems packages, which are not aimed at mass developer compromise, as evidenced by their low download counts and repetitive payloads. These packages collect data from UK local government portals and encapsulate it within .gem archives before publishing them back to RubyGems using hardcoded API keys. This operation appears to exploit public-facing portals used by councils such as Lambeth, Wandsworth, and Southwark, gathering data like council calendars and public meeting content, which complicates its classification as either a spam campaign, a proof-of-concept worm, or package registry abuse. RubyGems has responded by disabling new account registrations and enhancing spam detection measures, as no existing packages or accounts were compromised. The campaign highlights the potential for misuse of trusted package registries to store and transport scraped data, underscoring the need for vigilant monitoring of such platforms.
May 13, 2026
3,825 words in the original blog post.
Packagist has issued an urgent warning for PHP projects to update Composer due to a vulnerability caused by a change in GitHub's token format, which led to some tokens being exposed in Continuous Integration (CI) logs. This vulnerability, addressed in Composer versions 2.9.8, 2.2.28 LTS, and 1.10.28, was triggered by GitHub's new token format that included a hyphen, invalidating previous validation patterns and causing tokens to be printed in error logs if rejected. Although GitHub has rolled back the token format change, thereby reducing the immediate risk, updating Composer remains critical, particularly for projects using GitHub Actions where tokens might be exposed through common workflows. Despite the rollback, teams are advised to review logs for any leaked tokens, remove affected entries, and verify for any unexpected activities. Additionally, this incident underscores the importance of treating tokens as opaque strings and avoiding validation against hardcoded patterns, as platforms like GitHub continue to evolve token formats for security reasons.
May 13, 2026
603 words in the original blog post.
Socket has been recognized on the Rising in Cyber 2026 list, which highlights promising private cybersecurity startups, as selected by CISOs and executives from major organizations. Created by Notable Capital with input from Morgan Stanley, the list identifies 30 companies reshaping enterprise security. The accompanying report reveals a rapid increase in AI adoption, with many firms already deploying AI agents, but only a small fraction considering their AI security measures as advanced. It forecasts the cybersecurity market to grow significantly, reaching $255 billion by 2029, and underscores the challenges AI introduces, particularly in managing the software supply chain, which increasingly relies on open-source components. Socket aims to secure these components, ensuring faster development without compromising security, thereby aligning with the ongoing efforts to enhance enterprise security in the AI-driven landscape.
May 12, 2026
266 words in the original blog post.
The Socket Threat Research team uncovered a security breach involving 84 npm packages within the tanstack namespace, where malicious code was inserted to steal credentials from CI systems like GitHub Actions. This breach, flagged quickly by Socket AI Scanner, is notable due to the high download rates of affected packages, such as @tanstack/react-router, impacting the software supply chain significantly. The attack involved complex obfuscation tactics and a specially crafted router_init.js file, which facilitated unauthorized access to CI environment secrets and allowed the compromised code to persist on developer machines. The attacker utilized a GitHub account, voicproducoes, and propagated the malicious code through npm's OIDC mechanism, disguising the attack with valid Sigstore attestations to appear legitimate. TanStack responded by deprecating affected versions, collaborating with npm security for tarball removal, and implementing workflow hardening measures. The compromise is linked to the broader Mini Shai-Hulud campaign, emphasizing the need for immediate triage and secret rotation on affected systems.
May 11, 2026
7,030 words in the original blog post.
Socket has released free Certified Patches for a critical sandbox escape vulnerability in vm2, a JavaScript sandboxing library used in Node.js applications, which allows attacker-controlled JavaScript to escape the sandbox and execute arbitrary commands. The vulnerability, identified as GHSA-ffh4-j6h5-pg66 and CVE-2026-26956, initially appeared to affect vm2 version 3.10.4 and Node 25 only, but further testing by Socket revealed a broader range of affected versions, spanning 0.2.2 through 3.10.4, on Node.js 24.15.0 and any version that exposes WebAssembly.JSTag. This discrepancy prompted Socket to update the advisory on GitHub, emphasizing the importance of accurate metadata for security scanners and dependency management tools. The patches provide a minimal fix for vulnerable versions, allowing teams to address the issue without a full dependency upgrade, and are available for free to all users, including non-customers. Socket advises organizations to upgrade to vm2 3.10.5 or later, apply the Certified Patch if needed, and review their isolation models, especially given vm2's history of sandbox escape vulnerabilities, to ensure sandboxed workloads are run with the least privilege and stronger isolation measures, such as separate processes or containers, for executing untrusted code.
May 08, 2026
607 words in the original blog post.
A dispute over maintainer access in the popular Go library fsnotify raised concerns about potential takeovers after contributors were removed from the project's GitHub organization, though no evidence of compromised releases has been found. The situation highlighted issues with unclear maintainer roles, release access, and review norms, which can quickly become problematic for downstream users relying on the library for cross-platform filesystem notifications. The controversy began when Yasuhiro Matsumoto, a notable Go developer, reported losing access to the project, sparking a heated discussion about maintainer roles. Project maintainer Martin Tournoij defended the access removals as necessary for trust and quality control, refuting claims of a hostile takeover. Matsumoto later acknowledged mistakes in his actions and apologized, emphasizing his intent to help address the project's lack of updates. The incident underscored the challenges of governance ambiguity in open-source projects, prompting users to consider forks or alternatives and illustrating the blurred lines between maintainer disputes and potential supply chain vulnerabilities.
May 08, 2026
1,352 words in the original blog post.
Socket's Threat Research Team identified five malicious NuGet packages published under the account bmrxntfj that mimic popular Chinese .NET libraries, embedding a .NET Reactor-protected infostealer payload targeting credentials from browsers, cryptocurrency wallets, and other sensitive data. These packages have been downloaded approximately 65,000 times, risking widespread credential theft among developers and CI/CD servers. Each package masquerades as a legitimate library by copying namespaces and using sophisticated techniques like version rotation to evade detection, while exfiltrating data to a C2 domain. The packages exploit the .NET JIT pipeline to execute their payloads stealthily on any machine that restores them, with the threat actor employing evasion tactics such as anti-tamper checks and process injection. Despite takedown requests, these packages remain available, necessitating vigilance from developers and security teams to identify and mitigate this supply chain threat, which exhibits characteristics consistent with known malicious actors as indicated by shared obfuscation techniques and infrastructure.
May 06, 2026
2,840 words in the original blog post.
pnpm 11 introduces new supply chain protections aimed at enhancing the security of package installations by default, in response to recent supply chain attacks targeting npm, PyPI, and Packagist. Key features include a Minimum Release Age of 24 hours to delay the resolution of newly published package versions, blocking of exotic subdependencies to prevent unexpected dependency sources, and a new Allow Builds model for managing dependency build scripts. These changes reflect the evolving role of package managers in enforcing security decisions beyond simple dependency resolution. Additionally, pnpm 11 brings several updates, such as native publishing commands, built-in SBOM generation, audit fixes through lockfile updates, improved install performance with a SQLite-backed store index, and isolated global installs. Looking ahead, pnpm v12 plans to introduce a Rust installation engine to further enhance performance, with early benchmarks showing significant speed improvements.
May 04, 2026
924 words in the original blog post.
The GitHub account BufferZoneCorp has been identified as part of a software supply chain attack targeting developers by publishing malicious Ruby gems and Go modules. These malicious packages are designed to exfiltrate sensitive information, such as environment variables and credential files, to a hidden endpoint. Ruby gems automate secret theft by capturing environment variables and local credential materials, while Go modules execute various malicious activities, such as modifying trust settings, tampering with dependency resolution, and planting fake wrappers. Despite reporting, the Ruby gems and the GitHub account are still active, although the Go Security team has taken action against the identified Go modules. The campaign employs techniques like typosquatting and masquerading as legitimate tools to deceive developers, creating a persistent threat that requires vigilance in monitoring and removing compromised packages and reviewing affected systems and workflows for unauthorized changes.
May 01, 2026
2,574 words in the original blog post.
PyPI has addressed two high-severity security flaws identified during an external audit by Trail of Bits, funded by the Sovereign Tech Agency, which focused on the Warehouse application that powers PyPI. These flaws involved access control issues, where organization members could invite new owners through a loophole in permission settings, and stale team permissions that persisted after project transfers, potentially allowing unauthorized access. The audit, conducted from February to March 2026, revealed 14 findings, including issues with authentication, metadata consistency, and authorization enforcement. PyPI has since remedied most of these issues, implementing changes like stricter permission requirements for role invitations and deleting outdated team project roles during transfers. However, an unresolved issue remains with the validation of metadata embedded in wheel files, which could lead to discrepancies between declared and actual package dependencies. The audit underscores the importance of ongoing funding for the security of open-source projects, as demonstrated by the critical role of the Sovereign Tech Agency's support in enabling PyPI to address these vulnerabilities.
May 01, 2026
1,409 words in the original blog post.