Introducing Supply Chain Attack Campaigns Tracking in the Socket Dashboard

Blog post from Socket

Post Details
Company: Socket
Date Published:
Author: Philipp Burckhardt
Word Count: 759
Language: English
Hacker News Points: -
Summary

Open-source package registries have increasingly become targets for supply chain attacks, and npm has been significantly affected. These attacks, such as the Shai-Hulud campaign and the Contagious Interview operation, are often coordinated and long-running, which leaves a visibility gap: it is hard to tell whether a given malicious package is part of a larger campaign. To address this, Socket has introduced a Threat Intel page in its dashboard, which includes a Campaigns view for tracking active supply chain attacks and assessing their impact on an organization. The feature lets users quickly determine whether they are affected by an attack, view affected repositories, and access detailed campaign context. The page supports rapid investigation and response by linking campaign context to package details and remediation workflows, and Socket plans to expand it with more comprehensive threat intelligence and integration options. The goal is to help organizations better understand and respond to evolving threats within their environment.