Socket

89 articles RSS feed
Cybersecurity Programming
Frontier AI Is Now Critical Infrastructure

Following its abrupt order on June 12th suspending global access to Claude Fable 5 and Mythos 5, the U.S. government's national security clampdown on Anthropic has escalated. The models, initially taken offline due to safety guardrail "jailbreaks," are now at the center of a total federal blackout that has completely re-defined the landscape of cloud-based AI vendor dependencies. The situation hit a boiling point when a front-page report from The New York Times revealed that even the National…

Socket
The Code You Didn't Write Is Still Yours to Defend

Recently I asked an AI assistant to tidy a messy spreadsheet and chart the result. Nothing exotic. To do the work, it spun up a sandbox, pulled a handful of open source packages into that environment, and ran them. I didn't write any code. I didn't ask for any code. Packages I had never seen were fetched and executed on my behalf, and it was over in seconds. That was a software supply chain event. It happened in a workflow that no scanner, no registry proxy, and no review process was watching.…

Socket
GitHub Actions Checkout Now Blocks Risky pull_request_target Checkouts

GitHub has released actions/checkout v7 with a new default protection aimed at one of the most persistent GitHub Actions supply chain risks: privileged workflows that check out and execute code from untrusted pull requests. The change makes actions/checkout refuse common “pwn request” patterns when workflows run under pull_request_target or certain workflow_run events. These workflows execute in the context of the base repository, giving them access to the base repo’s GITHUB_TOKEN, secrets,…

Socket
Introducing Repository Access Permissions and Custom Roles

Socket now supports more granular access control for organizations with Custom Roles and Repository Access Permissions, giving teams a more precise way to manage who can do what, and where they can do it. Modern engineering organizations rarely map cleanly to a single security team or a single set of repositories. A user might need to review alerts for one team's repositories, manage scans for another, or support a temporary project without gaining access to the entire organization. Access…

Socket
Socket MCP Adds Org Alerts, Threat Feed Review, and Package Inspection

AppSec and security engineering teams are under pressure to triage supply chain issues faster, with more context and less manual investigation. A single alert can require checking package metadata, reviewing published files, searching for suspicious code, cross-referencing threat intelligence, and determining whether the package appears anywhere in the organization. Socket MCP is now bringing that workflow into MCP-aware AI assistants. With authenticated access to Socket APIs, teams can…

Socket
Socket Firewall Now Blocks Malicious VS Code and Open VSX Extensions

In May 2026, GitHub disclosed that attackers compromised an employee device through a poisoned third-party VS Code extension, allowing them to exfiltrate roughly 3,800 GitHub-internal repositories. The extension was Nx Console 18.95.0, a malicious release that reached both the Visual Studio Marketplace and Open VSX before removal. That incident should change how security teams think about editor extensions. Socket researchers have also documented repeated GlassWorm attacks across Open VSX,…

Socket
140+ Mastra npm Packages Compromised in Coordinated Supply Chain Attack

Socket has detected a malicious npm supply chain campaign involving compromised @mastra/* packages published under the Mastra namespace. A single npm account (ehindero) mass-published more than 140 malicious packages across the Mastra scope within a short window on 2026-06-17. The compromised package versions themselves contain unmodified code; the attack is delivered through an injected dependency, a typosquatted package named easy-day-js added to each package's dependency list. easy-day-js…

Socket
npm Package Uses Prompt Injection and Token Flooding to Disrupt AI Malware Scanners

Last week, Socket Threat Research reported that newer Mini Shai-Hulud, Miasma, and Hades packages were embedding fake prompt-injection headers before obfuscated JavaScript payloads. Those comments did not affect runtime execution, but they appeared designed to interfere with AI-assisted malware review. Now we are seeing that same idea tested more directly in a package that appears designed to probe how AI-based scanners handle prompt injection, safety-triggering content, and context flooding.…

Socket
Introducing Manifest Alerts

Socket now detects missing lockfiles with Manifest Alerts, a new kind of alert for supply chain risks found in project manifests. The feature was built in response to a real problem customers faced during the Axios npm compromise. Due to the complexities of modern dependency resolution, the blast radius of this incident was much wider than it initially appeared. Exposure was not limited to projects that directly depended on the compromised Axios version. For teams with committed lockfiles and…

Socket
GlassWASM: WebAssembly Malware Found in Trojanized Open VSX Extensions

Socket’s Threat Research team discovered compiled WebAssembly malware embedded in trojanized code extensions for Visual Studio Code. At the time of publication, we identified the following affected package versions on the Open VSX marketplace: exargd/vsblack@0.0.1 noellee-doc/flint-debug@0.1.1 These extensions ship a WebAssembly payload behind a renamed TinyGo loader, and both auto-execute it on extension activation via an appended bootstrap that instantiates the module with go.run(). The…

Socket
Socket for Linear Is Now Available

When Socket flags a malicious package or a vulnerable dependency, some fixes are quick: bump a version, drop a package, patch and move on. Plenty of others need to be tracked, assigned to the right person, and prioritized against everything else a team is working on. That kind of work lives in an issue tracker. Linear has earned a loyal following among engineering teams, prized for its speed and the clarity of its workflow. So today we're excited to announce Socket for Linear, which plugs…

Socket
US Government Forces Anthropic to Pull Claude Fable Days After Launch

For three days, Claude Fable 5 had users around the world one-shotting work they expected to take days or weeks: major code reviews, migrations, long-running builds, and projects some described as career-changing. Then access disappeared. If you were waiting for the weekend to try Claude Fable 5, you’re out of luck. Anthropic suspended access to Claude Fable 5 and Claude Mythos 5 on Friday night after receiving a US government export control directive blocking access by foreign nationals,…

Socket
152 Chrome Live Wallpaper Extensions Hid Ad Tracking and Faked Google Search Traffic

Socket's Threat Research Team identified a family of 152 Chrome Web Store new-tab "live wallpaper" extensions, built from one shared codebase but distributed across 38 separate Chrome Web Store publisher accounts and three brand backends, carrying a combined total of approximately 105,000 reported installs. Every listing declares on the Chrome Web Store that it will not collect or use user data, while the linked privacy policy admits the opposite: that the extensions log IP addresses, ISP,…

Socket
Andrew Becherer Joins Socket as Chief Information Security Officer

AI now writes as much as 90% of code at top engineering organizations, and the developers downstream of that code pull in open source they've never reviewed. Package hijackings and maintainer compromises that were once a handful of incidents a year now happen weekly. Modern engineering organizations depend on open source to ship faster, and they need security partners who can keep pace with that shift. Today, we're welcoming Andrew Becherer as Socket's first Chief Information Security Officer.…

Socket
Socket Partners with Replit to Block Malicious Packages in AI-Powered Development

The way software gets built is changing fast. Developers are no longer the only ones choosing dependencies. AI agents can now recommend, install, and wire open source packages into applications as part of the build process. Replit is at the center of that shift, giving millions of builders a faster path from idea to working software. As more of that work happens inside AI-powered workflows, dependency security has to move closer to the moment packages are selected and installed. Socket Firewall…
