Cybersecurity

68 articles

Distributing traffic across UDP sockets with eBPF and Go

Akvorado collects sFlow and IPFIX flows over UDP. Because UDP does not retransmit lost packets, they must be processed quickly. Akvorado runs several routines listening on the same port. The kernel should distribute incoming packets evenly among these routines. However, this does not work as expected. A few routines show significant packet loss: $ curl -s 127.0.0.1:8080/api/v0/inlet/metrics \ > | sed -n s/akvorado_inlet_flow_input_udp_in_dropped//p…

Vincent Bernat
73 Open VSX Sleeper Extensions Linked to GlassWorm Show New Malware Activations

The GlassWorm campaign targeting Open VSX continues to escalate. Socket is now tracking a new cluster of 73 impersonation extensions connected to the same sleeper-extension activity reported in March 2026. Beginning in April 2026, and continuing as of this writing, additional cloned versions of popular code extensions have appeared on the Open VSX marketplace. These extensions did not initially contain malware, but they were published by newly created GitHub accounts with only one or two public…

Socket
Introducing Reachability for PHP

Security teams are already struggling to keep pace with the volume of vulnerability disclosures. Every week brings more CVEs, and the arrival of AI-assisted vulnerability research is only going to push that number higher. Teams that can't tell which disclosures actually matter for their application will fall behind quickly. PHP carries more of this weight than most ecosystems. Composer ranks third for CVE volume among package ecosystems, behind only Maven and npm, and PHP still runs a…

Socket
Introducing Data Exports

Security teams often need alert data in their own infrastructure, alongside the rest of their security telemetry. We're excited to share that Socket alert data can now flow directly into your own cloud storage. Today we're launching Data Exports, a new integration that automatically writes alert changes from Socket to a bucket you own in AWS S3, Google Cloud Storage, or Azure Blob Storage. Data Exports lets you choose the format that fits your downstream systems, and decide whether you want…

Socket
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Socket researchers discovered that the Bitwarden CLI was compromised as part of the ongoing Checkmarx supply chain campaign. The open source password manager serves more than 10 million users and over 50,000 businesses, and ranks among the top three password managers by enterprise adoption. The affected package version appears to be @bitwarden/cli2026.4.0, and the malicious code was published in bw1.js, a file included in the package contents. The attack appears to have leveraged a…

Socket
Malicious Checkmarx Artifacts Found in Official KICS Docker Repository and Code Extensions

Docker alerted Socket to malicious images pushed to the official checkmarx/kics Docker Hub repository after internal monitoring flagged suspicious new activity around KICS image tags. Our investigation found that attackers appear to have overwritten existing tags, including v2.1.20 and alpine, while also introducing a new v2.1.21 tag that does not correspond to a legitimate upstream release. Analysis of the poisoned image indicates that the bundled KICS binary was modified to include data…

Socket
Introducing Organization Notifications in Socket

Today, we’re excited to launch Organization Notifications in Socket. This new feature gives teams a direct way to stay on top of organization alert activity without relying on someone to constantly watch the dashboard. With Organization Notifications, you can subscribe to organization-level alert events, filter the kinds of alerts you care about, and send batched updates to a configured destination. We're launching the email channel type first, and Slack and Microsoft Teams support are planned…

Socket
Namastex.ai npm Packages Hit with TeamPCP-Style CanisterWorm Malware

Last month, we responded to CanisterWorm, a worm-enabled npm supply chain campaign that compromised legitimate publisher space, replaced package contents with install-time malware, used stolen publishing access to republish malicious versions, and relied on an Internet Computer Protocol (ICP) canister as a dead-drop command and control (C2) channel. This campaign was attributed to a set of TeamPCP supply chain attacks. In this newly discovered npm incident, the malware uses the same core…

Socket
Introducing Reports: An Extensible Reporting Framework for Socket Data

Today, we’re introducing Reports, a new page in the Socket dashboard for chart-based views of vulnerabilities, dependencies, and usage. At launch, Reports includes five built-in charts across three categories, with support for organization-wide and repository-level views. It replaces the previous Analytics page with a more structured reporting experience in the dashboard. Built as an extensible reporting framework, the new page gives teams a more consistent way to work with and share Socket…

Socket
Socket for Jira Is Now Available

Security findings only matter if organizations can act on them. That usually means getting the right issues into the systems where engineering and security teams already work. Socket for Jira is now available, making it easy to turn Socket alerts into Jira issues and keep remediation work moving as alerts change over time. Teams can create tickets manually from individual alerts or set up automated ticketing rules to create, update, and resolve issues based on activity in Socket. The…

Socket
Socket Named Top Sales Organization by RepVue

Socket has been named a 2026 Reppy Award recipient by RepVue in two categories: Small Companies and Venture Capital Backed Companies. RepVue is the leading platform for B2B sales reps to rate their own employers, with more than 225,000 users, and Reppys recognize top-rated sales organizations based on employee ratings across categories like Culture & Leadership, Compensation, and Product-Market Fit. Socket earned a RepVue Score of 94.25, placing us in the top 5% of all companies on the…

Socket
NIST Officially Stops Enriching Most CVEs as Vulnerability Volume Skyrockets

NIST is moving to a risk-based enrichment model for the National Vulnerability Database, formally abandoning its longstanding goal of analyzing every submitted CVE. Starting immediately, the NVD will only enrich vulnerabilities that appear in CISA's Known Exploited Vulnerabilities (KEV) catalog, software used by the federal government, or software designated as critical under Executive Order 14028. Everything else gets labeled "Not Scheduled." The announcement came during VulnCon, where NVD…

Socket