Flux
Couleur d'accent
Toutes les sources

Socket

89 articles Flux RSS
Cybersécurité Programmation
AI Has Taken Over Open Source
Cybersécurité Programmation

AI Has Taken Over Open Source

I’ve spent a lot of time looking at what the data reveals about open source, from the speed at which open source alternatives emerge to how maintainer compensation compares with the broader software industry. I’m interested in what the data says, not in predictions based on anecdotes. At Socket, I've had the privilege of accessing our massive database across all major ecosystems, including npm, PyPI, Go, and Rust. We essentially replicate all open source packages, including the very fringe…

Socket
npm Invalidates Granular Access Tokens as Mini Shai-Hulud Sweeps the Registry
Cybersécurité Programmation

npm Invalidates Granular Access Tokens as Mini Shai-Hulud Sweeps the Registry

npm has invalidated every granular access token with write access that bypasses two-factor authentication. The platform-wide credential reset rolled out on May 19, announced from npm's long-dormant X account. The registry posted the notice following an attack that used a hijacked maintainer account to publish hundreds of malicious package versions across the @antv ecosystem. "To prevent supply chain attacks following the pattern of Mini Shai Hulud, we invalidated npm granular access tokens with…

Socket
Coruna Respawned: Compromised art-template npm Package Leads to iOS Browser Exploit Kit
Cybersécurité Programmation

Coruna Respawned: Compromised art-template npm Package Leads to iOS Browser Exploit Kit

Early on May 20th, 2026, the Socket Threat Research team detected signals of a package compromise leading to a sophisticated payload targeting a broad range of iOS devices with a watering-hole attack similar in style to the delivery of the Coruna exploit kit. After careful analysis, a plethora of similarities to that campaign emerged, indicating that a threat actor intended to use a package supply-chain compromise to deliver iOS browser exploits. Repository Takeover Leads to Package Compromise…

Socket
Socket raises $60M Series C at $1B valuation led by Thrive Capital to secure AI-driven software development
Cybersécurité Programmation

Socket raises $60M Series C at $1B valuation led by Thrive Capital to secure AI-driven software development

Today we're announcing Socket's $60 million Series C at a $1 billion valuation, led by Thrive Capital, with participation from Andreessen Horowitz, Abstract Ventures, and Capital One Ventures. The round brings our total funding to $125 million and sets up the next phase of what we're building to protect the software supply chain. This is the moment we've been working toward since we started Socket. AI has changed how every engineering team writes and ships code, increasing the volume of open…

Socket
Socket Raises $60M Series C at a $1B Valuation to Help Enterprises Build Securely With AI
Cybersécurité Programmation

Socket Raises $60M Series C at a $1B Valuation to Help Enterprises Build Securely With AI

Led by Thrive Capital, the round brings Socket to unicorn status as enterprises race to adopt AI coding tools and look for ways to secure the third-party dependencies entering production without slowing down SAN FRANCISCO, May 20, 2026 – Socket today announced it has raised $60 million in Series C funding at a $1 billion valuation. Led by Thrive CapitaI, with participation from a16z, Abstract Ventures, and Capital One Ventures, the round will support Socket’s next phase of growth as more…

Socket
Popular Go Decimal Library Targeted by Long-Running Typosquat with DNS Backdoor
Cybersécurité Programmation

Popular Go Decimal Library Targeted by Long-Running Typosquat with DNS Backdoor

Socket's Threat Research Team identified a malicious Go module published as github.com/shopsprint/decimal, a typosquat of the widely used github.com/shopspring/decimal arbitrary precision arithmetic library. The typosquatted module has been present on the Go ecosystem since 2017-11-08 and was weaponized on 2023-08-19 when version v1.3.3 added a malicious init() function that opens a DNS TXT record command and control channel to a threat actor controlled subdomain on a free dynamic DNS provider.…

Socket
Active Supply Chain Attack Compromises @antv Packages on npm
Cybersécurité Programmation

Active Supply Chain Attack Compromises @antv Packages on npm

Socket’s Threat Research team is investigating an active npm supply chain attack involving compromised packages in the @antv ecosystem. The attack affects packages tied to the npm maintainer account atool, including echarts-for-react, a widely used React wrapper for Apache ECharts with roughly 1.1 million weekly downloads. Socket quickly detected the malicious publish wave and classified the affected versions as known malware. Socket’s internal review identified hundreds of unique packages. The…

Socket
Popular node-ipc npm Package Infected with Credential Stealer
Cybersécurité Programmation

Popular node-ipc npm Package Infected with Credential Stealer

Socket’s threat feed has detected malicious activity in newly published versions of node-ipc, a long-running npm package previously associated with one of the most widely discussed supply chain incidents in the JavaScript ecosystem. The affected versions confirmed as malicious are: node-ipc@9.1.6 node-ipc@9.2.3 node-ipc@12.0.1 Socket’s AI scanner detected the newly published malicious versions within roughly three minutes of publication, classifying the activity as malware. Early analysis…

Socket
TeamPCP and BreachForums Launch $1,000 Contest for Supply Chain Attacks
Cybersécurité Programmation

TeamPCP and BreachForums Launch $1,000 Contest for Supply Chain Attacks

After months of targeting security tools, CI/CD workflows, and open source packages, TeamPCP is now promoting Shai-Hulud as required tooling for a competition that rewards the biggest compromise with a tiny crypto payout. According to Dark Web Informer, the competition was announced on BreachForums by an account identified as the forum’s owner, in collaboration with TeamPCP. Participants are being offered $1,000 USD in Monero to compromise open source packages with Shai-Hulud, along with the…

Socket
Packagist Urges Immediate Composer Update After GitHub Actions Token Leak
Cybersécurité Programmation

Packagist Urges Immediate Composer Update After GitHub Actions Token Leak

Packagist is urgently warning PHP projects to update Composer after a GitHub token format change caused some GitHub Actions tokens to be exposed in CI logs. Composer 2.9.8, 2.2.28 LTS, and 1.10.28 fix a vulnerability where Composer could print the full contents of GitHub Actions-issued GITHUB_TOKEN values or GitHub App installation tokens to stderr when the token failed Composer’s validation check. The issue was triggered by GitHub’s rollout of a new token format that includes a hyphen, which…

Socket
GemStuffer Campaign Abuses RubyGems as Exfiltration Channel Targeting UK Local Government
Cybersécurité Programmation

GemStuffer Campaign Abuses RubyGems as Exfiltration Channel Targeting UK Local Government

Socket's threat research team is tracking a suspicious RubyGems campaign we’re calling GemStuffer, involving more than 100 gems that appear to use the RubyGems registry as a data transport mechanism rather than a conventional malware distribution channel. The packages do not appear designed for mass developer compromise. Many have little or no download activity, and the payloads are repetitive, noisy, and unusually self-contained. Instead, the scripts fetch pages from UK local government…

Socket
Socket Named to Rising in Cyber 2026 List of Top Cybersecurity Startups
Cybersécurité Programmation

Socket Named to Rising in Cyber 2026 List of Top Cybersecurity Startups

Socket has been named to the Rising in Cyber 2026 list, an annual recognition of the most promising private cybersecurity companies, as selected by nearly 150 practicing CISOs and cybersecurity executives. Launched by Notable Capital, Rising in Cyber recognizes 30 private cybersecurity startups shaping the future of enterprise security. This year’s honorees were selected by security leaders from organizations including Booking.com, Albertsons, Atlassian, and TIAA. The list was announced…

Socket
TanStack npm Packages Compromised in Ongoing Mini Shai-Hulud Supply-Chain Attack
Cybersécurité Programmation

TanStack npm Packages Compromised in Ongoing Mini Shai-Hulud Supply-Chain Attack

The Socket Threat Research team detected a compromise across 84 npm package artifacts in the tanstack namespace. Affected packages were modified to add a suspected credential stealer targeting various CI systems, including Github Actions. All packages were flagged by Socket AI Scanner in six minutes or less after publication. Several of the newly turned malicious packages, like pkg:npm/@tanstack/react-router have over 12 million weekly downloads, and are widely consumed both directly and…

Socket
fsnotify Maintainer Dispute Sparks Supply Chain Concerns
Cybersécurité Programmation

fsnotify Maintainer Dispute Sparks Supply Chain Concerns

A dispute over maintainer access in fsnotify, a widely used Go library for cross-platform filesystem notifications, briefly raised takeover concerns this week after contributors were removed from the project’s GitHub organization and recent releases came under scrutiny. So far, there’s no evidence that any fsnotify release was compromised. The concern is messier and more familiar: when a popular project has unclear maintainer roles, release access, and review norms, downstream users can’t…

Socket
Socket Releases Free Certified Patches for Critical vm2 Sandbox Escape
Cybersécurité Programmation

Socket Releases Free Certified Patches for Critical vm2 Sandbox Escape

Socket is releasing free Certified Patches for a critical sandbox escape vulnerability in vm2, a JavaScript sandboxing library used to run untrusted code inside Node.js applications. The vulnerability, tracked as GHSA-ffh4-j6h5-pg66 and CVE-2026-26956, allows attacker-controlled JavaScript executed through VM.run() to escape the sandbox, access the host Node.js process object, and execute arbitrary operating system commands. The current GitHub advisory identifies vm2 3.10.4 as affected and…

Socket
Esc