Flux
Couleur d'accent
Toutes les catégories

Cybersécurité

144 articles

Federal Audit Finds NIST Wasted Funds With No Plan to Clear NVD Backlog
Cybersécurité Programmation

Federal Audit Finds NIST Wasted Funds With No Plan to Clear NVD Backlog

A newly released federal audit now documents NIST’s long-running NVD backlog, with findings that are hard to square with two years of public assurances that the database was being brought back under control. The U.S. Department of Commerce Office of Inspector General found that NIST had no strategic plan for the National Vulnerability Database, set a public deadline it did not have the capacity to meet, delayed use of CISA enrichment data, and spent taxpayer funds on duplicated vulnerability…

Socket
Mini Shai-Hulud Campaign Hits Red Hat Cloud Services npm Packages
Cybersécurité Programmation

Mini Shai-Hulud Campaign Hits Red Hat Cloud Services npm Packages

Socket has detected a malicious npm supply chain campaign involving compromised @redhat-cloud-services packages published under the Red Hat Cloud Services namespace. This is effectively a mini Shai-Hulud campaign: it uses the same core tactics of install-time execution, credential harvesting, CI/CD targeting, encrypted exfiltration, and potential downstream propagation. Since TeamPCP recently released Shai-Hulud as open source attack tooling while promoting a BreachForums contest for package…

Socket
Famous Chollima Targets PHP Developers Through Compromised Packagist Package
Cybersécurité Programmation

Famous Chollima Targets PHP Developers Through Compromised Packagist Package

We identified malicious obfuscated JavaScript appended to tailwind.js in the Packagist development version dev-drewroberts/feature/test-case of the PHP package roberts/leads. The package itself is a legitimate Laravel package associated with a maintainer, Drew Roberts. The malicious code appears isolated to a specific development branch, drewroberts/feature/test-case, exposed through Packagist as an installable dev version. Socket AI Scanner flagged dev-drewroberts/feature/test-case as known…

Socket
Rust Moves to Restrict LLM Use in Contributions After Months of Internal Debate
Cybersécurité Programmation

Rust Moves to Restrict LLM Use in Contributions After Months of Internal Debate

Rust has topped Stack Overflow's most-admired language survey for nine consecutive years. It's also become an increasingly attractive target for LLM-assisted development. The borrow checker and strict compiler that make Rust appealing for safety-critical systems also give LLMs an immediate feedback loop that other languages don't. The compiler catches errors the LLM introduces, which makes AI-assisted Rust development more reliable than in permissive languages where bad output can silently…

Socket
Malicious NuGet Package Impersonates Sicoob SDK to Exfiltrate Banking Certificates and Passwords
Cybersécurité Programmation

Malicious NuGet Package Impersonates Sicoob SDK to Exfiltrate Banking Certificates and Passwords

Sicoob.Sdk releases 2.0.0 through 2.0.4 exfiltrate client IDs, PFX passwords, and base64-encoded PFX certificate archive contents through a third-party Sentry endpoint. The linked GitHub repository appears to be a clean-source façade for the malicious NuGet artifact. We analyzed a Sicoob-branded NuGet package, Sicoob.Sdk, that claimed to be an official C# SDK for Sicoob API integrations. Sicoob, formally the Sistema de Cooperativas de Crédito do Brasil, is one of Brazil’s largest cooperative…

Socket
Feross on TBPN: Socket's Series C and the State of Software Supply Chain Security
Cybersécurité Programmation

Feross on TBPN: Socket's Series C and the State of Software Supply Chain Security

Socket CEO Feross Aboukhadijeh joined John Coogan and Jordi Hays on TBPN to discuss Socket's $60 million Series C led by Thrive Capital, the company's 500%+ ARR growth over the past 12 months, and why software supply chain security has moved to the top of the priority list at nearly every company. The 10-minute conversation covers three forces converging right now: AI generating more third-party code than ever before, frontier models surfacing massive volumes of vulnerabilities across operating…

Socket
OSV Withdraws 157 Malware Reports After Automated False Positives Hit npm and PyPI
Cybersécurité Programmation

OSV Withdraws 157 Malware Reports After Automated False Positives Hit npm and PyPI

OSV, the OpenSSF-backed vulnerability database, withdrew 157 malicious-package reports on May 26 after automated detections incorrectly flagged npm and PyPI packages as malware, pushing bad records for trusted projects into OSV-consuming security tools and CI/CD systems. The rollback happened in OpenSSF’s malicious-packages repository, where OSV-format records for malicious packages are maintained. A PR titled “Withdraw FastAPI v0.136.3 and other FPs reports,” began with a false-positive…

Socket
TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io
Cybersécurité Programmation

TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io

Socket researchers have identified an active crypto stealer supply chain attack spanning npm, PyPI, and Crates.io. The campaign, which Socket is tracking as TrapDoor, spans more than 34 malicious packages and 384+ related versions and artifacts across npm, PyPI, and Crates.io, with some already removed and others still live at the time of writing. The earliest package Socket observed was the PyPI package eth-security-auditor@0.1.0, uploaded on May 22, 2026 at 20:20:18 UTC, with the wheel…

Socket
Laravel Lang Compromised with RCE Backdoor Across 700+ Versions
Cybersécurité Programmation

Laravel Lang Compromised with RCE Backdoor Across 700+ Versions

A compromise affecting the community-maintained Laravel Lang project has introduced remote code execution backdoors across multiple packages in the organization, including laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/attributes , and laravel-lang/actions across roughly 700+ historical versions. The affected packages are not part of the official Laravel framework. They are third-party localization packages used by Laravel applications. However, applications that installed…

Socket
Malicious Postinstall Hook Found Across 700+ GitHub Repositories, Including Packagist and Node.js Projects
Cybersécurité Programmation

Malicious Postinstall Hook Found Across 700+ GitHub Repositories, Including Packagist and Node.js Projects

Socket researchers identified a coordinated supply chain campaign affecting eight packages on Packagist whose upstream repositories were modified to include the same malicious postinstall script. The script attempted to download a Linux binary from a GitHub Releases URL, save it to /tmp/.sshd, make it executable, and run it in the background. Although the affected packages were all Composer packages, the malicious code was not added to composer.json. Instead, it was inserted into package.json,…

Socket
AI Has Taken Over Open Source
Cybersécurité Programmation

AI Has Taken Over Open Source

I’ve spent a lot of time looking at what the data reveals about open source, from the speed at which open source alternatives emerge to how maintainer compensation compares with the broader software industry. I’m interested in what the data says, not in predictions based on anecdotes. At Socket, I've had the privilege of accessing our massive database across all major ecosystems, including npm, PyPI, Go, and Rust. We essentially replicate all open source packages, including the very fringe…

Socket
npm Invalidates Granular Access Tokens as Mini Shai-Hulud Sweeps the Registry
Cybersécurité Programmation

npm Invalidates Granular Access Tokens as Mini Shai-Hulud Sweeps the Registry

npm has invalidated every granular access token with write access that bypasses two-factor authentication. The platform-wide credential reset rolled out on May 19, announced from npm's long-dormant X account. The registry posted the notice following an attack that used a hijacked maintainer account to publish hundreds of malicious package versions across the @antv ecosystem. "To prevent supply chain attacks following the pattern of Mini Shai Hulud, we invalidated npm granular access tokens with…

Socket
Coruna Respawned: Compromised art-template npm Package Leads to iOS Browser Exploit Kit
Cybersécurité Programmation

Coruna Respawned: Compromised art-template npm Package Leads to iOS Browser Exploit Kit

Early on May 20th, 2026, the Socket Threat Research team detected signals of a package compromise leading to a sophisticated payload targeting a broad range of iOS devices with a watering-hole attack similar in style to the delivery of the Coruna exploit kit. After careful analysis, a plethora of similarities to that campaign emerged, indicating that a threat actor intended to use a package supply-chain compromise to deliver iOS browser exploits. Repository Takeover Leads to Package Compromise…

Socket
Socket raises $60M Series C at $1B valuation led by Thrive Capital to secure AI-driven software development
Cybersécurité Programmation

Socket raises $60M Series C at $1B valuation led by Thrive Capital to secure AI-driven software development

Today we're announcing Socket's $60 million Series C at a $1 billion valuation, led by Thrive Capital, with participation from Andreessen Horowitz, Abstract Ventures, and Capital One Ventures. The round brings our total funding to $125 million and sets up the next phase of what we're building to protect the software supply chain. This is the moment we've been working toward since we started Socket. AI has changed how every engineering team writes and ships code, increasing the volume of open…

Socket
Socket Raises $60M Series C at a $1B Valuation to Help Enterprises Build Securely With AI
Cybersécurité Programmation

Socket Raises $60M Series C at a $1B Valuation to Help Enterprises Build Securely With AI

Led by Thrive Capital, the round brings Socket to unicorn status as enterprises race to adopt AI coding tools and look for ways to secure the third-party dependencies entering production without slowing down SAN FRANCISCO, May 20, 2026 – Socket today announced it has raised $60 million in Series C funding at a $1 billion valuation. Led by Thrive CapitaI, with participation from a16z, Abstract Ventures, and Capital One Ventures, the round will support Socket’s next phase of growth as more…

Socket
Esc