| # | Title | Date |
|---|---|---|
| 3 | Malicious NPM Campaign Targets Ethereum Developers with Fake Hardhat Packages | 2025-01-03 |
| 4 | Gmail for Exfiltration: Malicious NPM Packages Target Solana Private Keys and | 2025-01-08 |
| 3 | Weaponizing OAST: Malicious Packages Exploit NPM, PyPI, and RubyGems | 2025-01-04 |
| 2 | Kill Switch Hidden in NPM Packages Typosquatting Chalk and Chokidar | 2025-01-13 |
| 2 | Pnpm 10.0.0 Blocks Lifecycle Scripts by Default | 2025-01-10 |
| 2 | Socket Now Supports Uv.lock Files | 2025-01-09 |
| 2 | New Python Packaging Proposal Aims to Solve Phantom Dependency Problem With | 2025-01-07 |
| 2 | The Cyber Security Council Podcast: Securing Modern Applications in A | 2025-01-06 |
| 40 | Curl Project and Go Security Teams Reject CVSS as Broken | 2025-01-24 |
| 4 | Bun 1.2 Released with 90% Node.js Compatibility and Built-In S3 Object Support | 2025-01-22 |
| 17 | Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching For | 2025-02-04 |
| 7 | North Korean Apt Lazarus Targets Developers with Malicious NPM Package | 2025-01-30 |
| 4 | Opengrep Emerges as Open Source Alternative Amid Semgrep Licensing Controversy | 2025-01-28 |
| 3 | Fluent Assertions Faces Backlash After Abandoning Open Source Licensing | 2025-01-20 |
| 3 | PyPI's New Archival Feature Closes a Major Security Gap | 2025-01-30 |
| 3 | Node.js EOL Versions CVE Dubbed the Worst CVE of the Year by Security Experts | 2025-01-24 |
| 3 | Malicious PyPI Package 'Pycord-Self' Targets Discord Developers with Token Theft | 2025-01-16 |
| 2 | Socket Joins TC54 to Help Shape the Future of SBOMs, CycloneDX, and PURL | 2025-01-31 |
| 2 | Outgoing Biden Administration Issues Sweeping Executive Order on AI-Driven | 2025-01-22 |
| 2 | UK Officials Consider Banning Ransomware Payments from Public Entities | 2025-01-16 |
| 2 | 38% of CISOs Fear They're Not Moving Fast Enough on AI | 2025-02-04 |
| 8 | PyPI Now Supports iOS and Android Wheels for Mobile Python Development | 2025-02-12 |
| 6 | Linux Foundation Warns Open Source Developers: Compliance with Sanctions Is Not | 2025-02-07 |
| 7 | TC39 advances proposals for RegExp Escaping, Float16Array, Redeclarable vars | 2025-02-20 |
| 6 | React Team Updates CRA Migration Guidance After Community Pushback | 2025-02-19 |
| 6 | Deno 2.2 Improves Dependency Management and Expands Node.js Compatibility | 2025-02-20 |
| 3 | Malicious PyPI Package Exploits Deezer API for Coordinated Music Piracy | 2025-02-26 |
| 3 | Create React App Officially Deprecated Amid React 19 Compatibility Issues | 2025-02-11 |
| 3 | Maven Central Adds Sigstore Signature Validation | 2025-02-06 |
| 1 | Oracle Drags Its Feet in the JavaScript Trademark Dispute | 2025-02-07 |
| 11 | Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS | 2025-03-04 |
| 9 | Free Software Foundation Goes to Bat for AGPL in Amicus Brief Criticizing | 2025-03-06 |
| 4 | New PyPI Malware 'Set-Utils' Exfiltrates Ethereum Private Keys Through | 2025-03-05 |
| 4 | Bybit Hack Puts Crypto Losses at $1.6B, Surpassing All of Last Year in Just Two | 2025-03-04 |
| 3 | Tick Tock, Your Credentials Are Gone: The Maven Package with a Monthly Theft | 2025-03-14 |
| 3 | The Pair Program Podcast: Feross Aboukhadijeh on Preserving Trust in Open Source | 2025-03-10 |
| 3 | OpenSSF Launches Open Source Project Security Baseline to Strengthen Software | 2025-02-28 |
| 2 | Socket and Seal Security Collaborate to Fix Critical NPM Overrides Bug | 2025-03-12 |
| 2 | Opengrep Launches Playground in Alpha: A Faster, More Stable Environment For | 2025-03-07 |
| 2 | Michigan TypeScript Founder Successfully Runs Doom Inside TypeScript's Type | 2025-02-28 |
| 8 | Python Adopts Standard Lock File Format for Reproducible Installs | 2025-04-01 |
| 31 | AI Hallucinations Are Fueling a New Class of Supply Chain Attacks | 2025-04-12 |
| 6 | Obfuscation 101: Unmasking the Tricks Behind Malicious Code | 2025-03-28 |
| 5 | CISA Extends Mitre Contract as Crisis Accelerates Alternative CVE Coordination | 2025-04-16 |
| 7 | .NET Support in Socket | 2025-04-21 |
| 6 | Repository Labels and Security Policies | 2025-04-22 |
| 5 | CISA Rebuffs Funding Concerns as CVE Foundation Draws Criticism | 2025-04-24 |
| 10 | Wget to Wipeout: Malicious Go Modules Fetch Destructive Payload | 2025-05-01 |
| 5 | Using Trusted Protocols Against You: Gmail as a C2 Mechanism | 2025-04-30 |
| 5 | NPM targeted by malware campaign mimicking familiar library names | 2025-05-02 |
| 4 | Go Support Is Now Generally Available | 2025-04-17 |
| 4 | Vlt Launches Real-Time Dependency Analysis Powered by Socket | 2025-04-17 |
| 4 | Oxlint Now in Beta with 500 Built-In Rules and 2X Faster JavaScript Linting | 2025-03-18 |
| 3 | A New Overview in Our Dashboard | 2025-04-29 |
| 3 | Module Reachability: Focus on the Vulnerabilities That Matter | 2025-04-23 |
| 3 | The Bad Seeds: Malicious NPM and PyPI Packages Pose as Developer Tools to Steal | 2025-04-22 |
| 3 | Malicious NPM Package Disguised as Advcash Integration Triggers Reverse Shell | 2025-04-14 |
| 3 | Malicious PyPI Package Targets WooCommerce Stores with Automated Carding Attacks | 2025-04-03 |
| 3 | OpenGrep Restores Fingerprinting in JSON and Sarif Outputs | 2025-03-31 |
| 3 | NVD Concedes Inability to Keep Pace with Surging CVE Disclosures in 2025 | 2025-03-28 |
| 3 | GitHub Actions Supply Chain Attack Puts Projects at Risk | 2025-03-17 |
| 2 | Historical Analytics – Now in Beta | 2025-04-24 |
| 2 | Turtles, Clams, and Cyber Threat Actors: Shell Usage | 2025-04-11 |
| 2 | VulnCon 2025: NVD Scraps Industry Consortium Plan, Raising Questions About | 2025-04-11 |
| 2 | A New Design for GitHub PR Comments | 2025-04-10 |
| 2 | Safari 18.4 Ships 3 New JavaScript Features from the TC39 Pipeline | 2025-04-04 |
| 2 | The Socket Team at RSAC and BSidesSF 2025 | 2025-03-27 |
| 2 | Node.js TSC Votes to Stop Distributing Corepack | 2025-03-19 |
| 2 | Black Basta's Dependency Confusion Ambitions and Ransomware in Open Source | 2025-03-19 |
| 11 | AI Slop Is Polluting Bug Bounty Platforms with Fake Vulnerability Reports | 2025-05-07 |
| 3 | Backdooring the IDE: Malicious NPM Packages Hijack Cursor Editor on macOS | 2025-05-10 |
| 3 | Malicious NPM Packages Use Telegram to Exfiltrate BullX Credentials | 2025-05-08 |
| 14 | Open Source Maintainers Demand Ability to Block Copilot-Generated Issues and PRs | 2025-05-20 |
| 6 | The Growing Risk of Malicious Browser Extensions | 2025-06-13 |
| 27 | Libxml2 Maintainer Ends Embargoed Vulnerability Reports, Citing Unsustainable | 2025-06-18 |
| 6 | Django Joins Curl in Pushing Back on AI Slop Security Reports | 2025-06-30 |
| 4 | Node.js Homepage Adds Paid Support Link, Prompting Contributor Pushback | 2025-06-26 |
| 4 | ECMAScript 2025 Finalized with Iterator Helpers, Set Methods, RegExp.escape, and | 2025-06-29 |
| 4 | Protestware in JavaScript UI Toolkits on NPM Target Russian Language Sites | 2025-06-19 |
| 4 | Node.js Moves Toward Stable TypeScript Support with Amaro 1.0 | 2025-06-11 |
| 4 | Malicious Koishi Chatbot Plugin Exfiltrates Messages Triggered by 8-Character | 2025-05-19 |
| 3 | Malicious 'Checker' Packages on PyPI Probe TikTok and Instagram for Valid | 2025-05-15 |
| 3 | Malicious Python Package Typosquats Popular Passlib Library, Shuts Down Windows | 2025-06-24 |
| 3 | Pnpm 10.12 Introduces Global Virtual Store and Expanded Version Catalogs | 2025-06-11 |
| 3 | Malicious Ruby Gems Exfiltrate Telegram Tokens, Messages Following Vietnam Ban | 2025-06-03 |
| 3 | Malicious NPM Package Wipes Codebases with Remote Trigger | 2025-05-30 |
| 3 | Malicious NPM Packages | 2025-05-26 |
| 2 | North Korean Contagious Interview Campaign Drops 35 New Malicious NPM Packages | 2025-06-25 |
| 2 | 2025 Blockchain and Cryptocurrency Threat Malware in the Open Source | 2025-06-12 |
| 2 | NIST Under Federal Audit for NVD Processing Backlog and Delays | 2025-05-27 |
| 2 | Node.js TSC Declines to Endorse Feature Bounty Program | 2025-05-15 |
| 2 | The Landscape of Malicious Open Source Packages: 2025 Mid‑Year Threat Report | 2025-05-14 |
| 1 | Python Tools Are Quickly Adopting the New pylock.toml Standard | 2025-06-24 |
| 10 | Contagious Interview Campaign Escalates with 67 Malicious NPM Packages and New | 2025-07-14 |
| 7 | Potemkin Understanding in LLMs: New Study Reveals Flaws in AI Benchmarks | 2025-07-05 |
| 3 | Crates.io Implements Trusted Publishing Support | 2025-07-16 |
| 3 | Socket at Black Hat and DEF Con 2025 in Las Vegas | 2025-07-13 |
| 3 | Browserslist-Rs Gets Major Refactor, Cutting Binary Size by over 1MB | 2025-07-04 |
| 2 | Tracking Protestware Spread: 28 NPM Packages Affected by Payload Targeting | 2025-07-16 |
| 1 | Open Source Maintainers Feeling the Weight of the EU's Cyber Resilience Act | 2025-07-17 |
| 45 | Prettier NPM Packages Compromised in Supply Chain Attack | 2025-07-19 |
| 14 | NPM 'Is' Package Hijacked in Expanding Supply Chain Attack | 2025-07-22 |
| 8 | Rust Support in Socket | 2025-07-31 |
| 13 | Researcher Exposes 0-Day Clickjacking Vulnerabilities in Major Password Managers | 2025-08-19 |
| 8 | New Website "Is It FOSS?" Tracks Transparency in Open Source Distribution | 2025-08-16 |
| 1231 | Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised | 2025-09-16 |
| 85 | Active NPM supply chain attack: Tinycolor and 40 Packages Compromised | 2025-09-15 |
| 27 | DuckDB NPM Account Compromised in Continuing Supply Chain Attack | 2025-09-09 |
| 5 | Opengrep Adds Apex Support and New Rule Controls in Latest Updates | 2025-08-12 |
| 5 | Bun 1.2.19 Adds Isolated Installs for Better Monorepo Support | 2025-07-22 |
| 4 | NPM Author Qix Compromised via Phishing Email | 2025-09-08 |
| 4 | Surveillance Malware Hidden in NPM and PyPI Packages Targets Developers With | 2025-07-23 |
| 4 | Rust Support Now in Beta | 2025-09-11 |
| 4 | Nx Investigation Reveals GitHub Actions Workflow Exploit Led to NPM Token Theft | 2025-09-03 |
| 4 | Rspack Introduces Rslint, a TypeScript-First Linter Written in Go | 2025-08-20 |
| 4 | Oxlint Introduces Type-Aware Linting Preview | 2025-08-18 |
| 4 | Knip Hits 500 Releases with v5.62.0, Improving TypeScript Config Detection and | 2025-07-18 |
| 3 | Rv Is a New Rust-Powered Ruby Version Manager Inspired by Python's Uv | 2025-09-05 |
| 3 | Nx NPM Packages Compromised in Supply Chain Attack Weaponizing AI CLI Tools | 2025-08-27 |
| 3 | Astral Launches Pyx: A Python-Native Package Registry | 2025-08-14 |
| 3 | Identifying and Preventing Fraudulent Engineering Candidates: An Investigation | 2025-09-17 |
| 3 | Tier 1 Reachability: Precision CVE Triage for Enterprise Teams | 2025-09-09 |
| 3 | Wallet-Draining NPM Package Impersonates Nodemailer to Hijack Crypto | 2025-08-29 |
| 3 | Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials Via | 2025-08-21 |
| 3 | Malicious Ruby Gems Used in Targeted Credential Theft Campaign | 2025-08-08 |
| 3 | TC39 Advances 11 Proposals for Math Precision, Binary APIs, and More | 2025-08-06 |
| 3 | NPM Phishing Email Targets Developers with Typosquatted Domain | 2025-07-27 |
| 3 | Toptal's GitHub Organization Hijacked: 10 Malicious Packages Published | 2025-07-23 |
| 2 | Malicious NPM Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet | 2025-09-05 |
| 2 | Static vs. Runtime Reachability: Insights from Latio's on the Record Podcast | 2025-08-13 |
| 2 | Precomputed Reachability Analysis in Socket | 2025-07-30 |
| 2 | Socket Now Protects the Chrome Extension Ecosystem | 2025-07-30 |
| 2 | Socket MCP for Claude Desktop | 2025-07-29 |
| 1 | Feross on Risky Business Weekly Podcast: NPM's Ongoing Supply Chain Attacks | 2025-09-10 |
| 30 | Gem.Coop – Community-Run Alternative to Rubygems.org, Led by Former Maintainers | 2025-10-06 |
| 8 | Socket Firewall: Free, Proactive Protection for Your Software Supply | 2025-09-30 |