
Cybersecurity

144 articles

Socket Firewall Now Blocks Malicious VS Code and Open VSX Extensions


In May 2026, GitHub disclosed that attackers compromised an employee device through a poisoned third-party VS Code extension, allowing them to exfiltrate roughly 3,800 GitHub-internal repositories. The extension was Nx Console 18.95.0, a malicious release that reached both the Visual Studio Marketplace and Open VSX before removal. That incident should change how security teams think about editor extensions. Socket researchers have also documented repeated GlassWorm attacks across Open VSX,…

Socket
140+ Mastra npm Packages Compromised in Coordinated Supply Chain Attack


Socket has detected a malicious npm supply chain campaign involving compromised @mastra/* packages published under the Mastra namespace. A single npm account (ehindero) mass-published more than 140 malicious packages across the Mastra scope within a short window on 2026-06-17. The compromised package versions themselves contain unmodified code; the attack is delivered through an injected dependency, a typosquatted package named easy-day-js added to each package's dependency list. easy-day-js…

Socket
npm Package Uses Prompt Injection and Token Flooding to Disrupt AI Malware Scanners


Last week, Socket Threat Research reported that newer Mini Shai-Hulud, Miasma, and Hades packages were embedding fake prompt-injection headers before obfuscated JavaScript payloads. Those comments did not affect runtime execution, but they appeared designed to interfere with AI-assisted malware review. Now we are seeing that same idea tested more directly in a package that appears designed to probe how AI-based scanners handle prompt injection, safety-triggering content, and context flooding.…

Socket
Introducing Manifest Alerts


Socket now detects missing lockfiles with Manifest Alerts, a new kind of alert for supply chain risks found in project manifests. The feature was built in response to a real problem customers faced during the Axios npm compromise. Due to the complexities of modern dependency resolution, the blast radius of this incident was much wider than it initially appeared. Exposure was not limited to projects that directly depended on the compromised Axios version. For teams with committed lockfiles and…

Socket
GlassWASM: WebAssembly Malware Found in Trojanized Open VSX Extensions


Socket’s Threat Research team discovered compiled WebAssembly malware embedded in trojanized code extensions for Visual Studio Code. At the time of publication, we identified the following affected package versions on the Open VSX marketplace: exargd/vsblack@0.0.1 and noellee-doc/flint-debug@0.1.1. These extensions ship a WebAssembly payload behind a renamed TinyGo loader, and both auto-execute it on extension activation via an appended bootstrap that instantiates the module with go.run(). The…

Socket
Socket for Linear Is Now Available


When Socket flags a malicious package or a vulnerable dependency, some fixes are quick: bump a version, drop a package, patch and move on. Plenty of others need to be tracked, assigned to the right person, and prioritized against everything else a team is working on. That kind of work lives in an issue tracker. Linear has earned a loyal following among engineering teams, prized for its speed and the clarity of its workflow. So today we're excited to announce Socket for Linear, which plugs…

Socket
US Government Forces Anthropic to Pull Claude Fable Days After Launch


For three days, Claude Fable 5 had users around the world one-shotting work they expected to take days or weeks: major code reviews, migrations, long-running builds, and projects some described as career-changing. Then access disappeared. If you were waiting for the weekend to try Claude Fable 5, you’re out of luck. Anthropic suspended access to Claude Fable 5 and Claude Mythos 5 on Friday night after receiving a US government export control directive blocking access by foreign nationals,…

Socket
152 Chrome Live Wallpaper Extensions Hid Ad Tracking and Faked Google Search Traffic


Socket's Threat Research Team identified a family of 152 Chrome Web Store new-tab "live wallpaper" extensions, built from one shared codebase but distributed across 38 separate Chrome Web Store publisher accounts and three brand backends, carrying a combined total of approximately 105,000 reported installs. Every listing declares on the Chrome Web Store that it will not collect or use user data, while the linked privacy policy admits the opposite: that the extensions log IP addresses, ISP,…

Socket
Andrew Becherer Joins Socket as Chief Information Security Officer


AI now writes as much as 90% of code at top engineering organizations, and the developers downstream of that code pull in open source they've never reviewed. Package hijackings and maintainer compromises that were once a handful of incidents a year now happen weekly. Modern engineering organizations depend on open source to ship faster, and they need security partners who can keep pace with that shift. Today, we're welcoming Andrew Becherer as Socket's first Chief Information Security Officer.…

Socket
Socket Partners with Replit to Block Malicious Packages in AI-Powered Development


The way software gets built is changing fast. Developers are no longer the only ones choosing dependencies. AI agents can now recommend, install, and wire open source packages into applications as part of the build process. Replit is at the center of that shift, giving millions of builders a faster path from idea to working software. As more of that work happens inside AI-powered workflows, dependency security has to move closer to the moment packages are selected and installed. Socket Firewall…

Socket
npm Tooling Bug Incorrectly Marks One-Character Packages as Security Holders


npm incorrectly applied security-holder metadata to multiple one-character packages, including letters, numbers, and the - package. Socket reviewed public npm registry metadata and found several affected packages had been assigned 0.0.1-security or 0.0.1-security.0 versions, with the latest dist-tag moved to the security placeholder. Older package versions remained available. npm confirmed the markings were not intentional and that they are working on rolling it back. “This happened due to a…

Socket
Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers via Malicious PyPI Wheels


Socket Threat Research team identified a newer PyPI wave connected to the broader Mini Shai-Hulud, Miasma, and Hades supply chain attacks. This wave expands beyond the 37 malicious PyPI wheels covered in our weekend report and shows that the threat actors are iterating quickly across delivery mechanisms, package themes, and runtime triggers. The campaign has since added 23 newly identified PyPI package-version artifacts, expanding beyond the 37 malicious PyPI wheels covered in our weekend…

Socket
Shai-Hulud Descends to Hades: Miasma Worm Campaign Spreads with New PyPI Wave


Socket detected a coordinated PyPI compromise involving 37 malicious wheel artifacts across 19 packages. The compromised releases shipped a *-setup.pth file that attempts to execute automatically during Python startup, download the Bun JavaScript runtime, and run an obfuscated JavaScript payload named _index.js. Socket’s AI malware detection system identified the malicious package cluster minutes after publication. The attack is cross-runtime, and the tradecraft is unmistakably Shai-Hulud /…

Socket
RubyGems Adds Cooldown Feature to Bundler for Newly Published Gems


RubyGems and Bundler 4.0.13 introduced an opt-in cooldown feature that can delay installation of newly published gem versions, bringing a time-based supply chain defense to Ruby’s package management workflow. The feature allows developers to configure Bundler so it will not resolve to a gem version until it has been public for a set number of days. In the example published by RubyGems maintainer Hiroshi SHIBATA, a project can add a cooldown directly to its Gemfile: source…

Socket
pnpm 11.5 Adds Support for Recognizing npm Staged Publishes


pnpm 11.5 now treats npm staged publishing approvals as strong trust evidence, fixing a false-positive downgrade warning that could appear when packages used npm’s newer 2FA-backed release flow. The change lands as npm continues tightening package publishing controls after a series of credential theft and token abuse incidents. In the Mini Shai-Hulud campaign, attackers used stolen npm tokens to publish malicious package versions, prompting npm to invalidate granular access tokens and…

Socket