3 |
Malicious NPM Campaign Targets Ethereum Developers with Fake Hardhat Packages |
2025-01-03 |
4 |
Gmail for Exfiltration: Malicious NPM Packages Target Solana Private Keys and |
2025-01-08 |
3 |
Weaponizing OAST: Malicious Packages Exploit NPM, PyPI, and RubyGems |
2025-01-04 |
2 |
Kill Switch Hidden in NPM Packages Typosquatting Chalk and Chokidar |
2025-01-13 |
2 |
pnpm 10.0.0 Blocks Lifecycle Scripts by Default |
2025-01-10 |
2 |
Socket Now Supports uv.lock Files |
2025-01-09 |
2 |
New Python Packaging Proposal Aims to Solve Phantom Dependency Problem With |
2025-01-07 |
2 |
The Cyber Security Council Podcast: Securing Modern Applications in A |
2025-01-06 |
40 |
Curl Project and Go Security Teams Reject CVSS as Broken |
2025-01-24 |
4 |
Bun 1.2 Released with 90% Node.js Compatibility and Built-In S3 Object Support |
2025-01-22 |
17 |
Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching For |
2025-02-04 |
7 |
North Korean APT Lazarus Targets Developers with Malicious NPM Package |
2025-01-30 |
4 |
Opengrep Emerges as Open Source Alternative Amid Semgrep Licensing Controversy |
2025-01-28 |
3 |
Fluent Assertions Faces Backlash After Abandoning Open Source Licensing |
2025-01-20 |
3 |
PyPI's New Archival Feature Closes a Major Security Gap |
2025-01-30 |
3 |
Node.js EOL Versions CVE Dubbed the Worst CVE of the Year by Security Experts |
2025-01-24 |
3 |
Malicious PyPI Package 'Pycord-Self' Targets Discord Developers with Token Theft |
2025-01-16 |
2 |
Socket Joins TC54 to Help Shape the Future of SBOMs, CycloneDX, and PURL |
2025-01-31 |
2 |
Outgoing Biden Administration Issues Sweeping Executive Order on AI-Driven |
2025-01-22 |
2 |
UK Officials Consider Banning Ransomware Payments from Public Entities |
2025-01-16 |
2 |
38% of CISOs Fear They're Not Moving Fast Enough on AI |
2025-02-04 |
8 |
PyPI Now Supports iOS and Android Wheels for Mobile Python Development |
2025-02-12 |
6 |
Linux Foundation Warns Open Source Developers: Compliance with Sanctions Is Not |
2025-02-07 |
7 |
TC39 advances proposals for RegExp Escaping, Float16Array, Redeclarable vars |
2025-02-20 |
6 |
React Team Updates CRA Migration Guidance After Community Pushback |
2025-02-19 |
6 |
Deno 2.2 Improves Dependency Management and Expands Node.js Compatibility |
2025-02-20 |
3 |
Malicious PyPI Package Exploits Deezer API for Coordinated Music Piracy |
2025-02-26 |
3 |
Create React App Officially Deprecated Amid React 19 Compatibility Issues |
2025-02-11 |
3 |
Maven Central Adds Sigstore Signature Validation |
2025-02-06 |
1 |
Oracle Drags Its Feet in the JavaScript Trademark Dispute |
2025-02-07 |
11 |
Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS |
2025-03-04 |
9 |
Free Software Foundation Goes to Bat for AGPL in Amicus Brief Criticizing |
2025-03-06 |
4 |
New PyPI Malware 'Set-Utils' Exfiltrates Ethereum Private Keys Through |
2025-03-05 |
4 |
Bybit Hack Puts Crypto Losses at $1.6B, Surpassing All of Last Year in Just Two |
2025-03-04 |
3 |
Tick Tock, Your Credentials Are Gone: The Maven Package with a Monthly Theft |
2025-03-14 |
3 |
The Pair Program Podcast: Feross Aboukhadijeh on Preserving Trust in Open Source |
2025-03-10 |
3 |
OpenSSF Launches Open Source Project Security Baseline to Strengthen Software |
2025-02-28 |
2 |
Socket and Seal Security Collaborate to Fix Critical NPM Overrides Bug |
2025-03-12 |
2 |
Opengrep Launches Playground in Alpha: A Faster, More Stable Environment For |
2025-03-07 |
2 |
Michigan TypeScript Founder Successfully Runs Doom Inside TypeScript's Type |
2025-02-28 |
8 |
Python Adopts Standard Lock File Format for Reproducible Installs |
2025-04-01 |
31 |
AI Hallucinations Are Fueling a New Class of Supply Chain Attacks |
2025-04-12 |
6 |
Obfuscation 101: Unmasking the Tricks Behind Malicious Code |
2025-03-28 |
5 |
CISA Extends MITRE Contract as Crisis Accelerates Alternative CVE Coordination |
2025-04-16 |
7 |
.NET Support in Socket |
2025-04-21 |
6 |
Repository Labels and Security Policies |
2025-04-22 |
5 |
CISA Rebuffs Funding Concerns as CVE Foundation Draws Criticism |
2025-04-24 |
10 |
Wget to Wipeout: Malicious Go Modules Fetch Destructive Payload |
2025-05-01 |
5 |
Using Trusted Protocols Against You: Gmail as a C2 Mechanism |
2025-04-30 |
5 |
NPM targeted by malware campaign mimicking familiar library names |
2025-05-02 |
4 |
Go Support Is Now Generally Available |
2025-04-17 |
4 |
Vlt Launches Real-Time Dependency Analysis Powered by Socket |
2025-04-17 |
4 |
Oxlint Now in Beta with 500 Built-In Rules and 2X Faster JavaScript Linting |
2025-03-18 |
3 |
A New Overview in Our Dashboard |
2025-04-29 |
3 |
Module Reachability: Focus on the Vulnerabilities That Matter |
2025-04-23 |
3 |
The Bad Seeds: Malicious NPM and PyPI Packages Pose as Developer Tools to Steal |
2025-04-22 |
3 |
Malicious NPM Package Disguised as Advcash Integration Triggers Reverse Shell |
2025-04-14 |
3 |
Malicious PyPI Package Targets WooCommerce Stores with Automated Carding Attacks |
2025-04-03 |
3 |
OpenGrep Restores Fingerprinting in JSON and SARIF Outputs |
2025-03-31 |
3 |
NVD Concedes Inability to Keep Pace with Surging CVE Disclosures in 2025 |
2025-03-28 |
3 |
GitHub Actions Supply Chain Attack Puts Projects at Risk |
2025-03-17 |
2 |
Historical Analytics – Now in Beta |
2025-04-24 |
2 |
Turtles, Clams, and Cyber Threat Actors: Shell Usage |
2025-04-11 |
2 |
VulnCon 2025: NVD Scraps Industry Consortium Plan, Raising Questions About |
2025-04-11 |
2 |
A New Design for GitHub PR Comments |
2025-04-10 |
2 |
Safari 18.4 Ships 3 New JavaScript Features from the TC39 Pipeline |
2025-04-04 |
2 |
The Socket Team at RSAC and BSidesSF 2025 |
2025-03-27 |
2 |
Node.js TSC Votes to Stop Distributing Corepack |
2025-03-19 |
2 |
Black Basta's Dependency Confusion Ambitions and Ransomware in Open Source |
2025-03-19 |
11 |
AI Slop Is Polluting Bug Bounty Platforms with Fake Vulnerability Reports |
2025-05-07 |
3 |
Backdooring the IDE: Malicious NPM Packages Hijack Cursor Editor on macOS |
2025-05-10 |
3 |
Malicious NPM Packages Use Telegram to Exfiltrate BullX Credentials |
2025-05-08 |
14 |
Open Source Maintainers Demand Ability to Block Copilot-Generated Issues and PRs |
2025-05-20 |
6 |
The Growing Risk of Malicious Browser Extensions |
2025-06-13 |