Two malicious Rust crates (faster_log and async_println) impersonated the popular fast_log library to steal Solana and Ethereum wallet keys from source code. Downloaded 8,424 times before removal, these packages scanned developer files for private keys and exfiltrated them to a C2 server.
While we haven't seen major supply chain attacks hitting any of the major open-source ecosystems, the Socket Threat Research Team uncovered some fascinating and creative attack techniques worth sharing:
Published my take on METR's surprising study that I participated in: AI tools made experienced developers 19% slower (expectation was that they would become 40% faster with AI!)🤯 I dive into the why, where AI coding tools actually help, and how I've shifted from handholding AI to async delegation.
We identified 72 malicious Open VSX extensions linked to the GlassWorm campaign, including many cases where the malware is distributed transitively by being delivered via covert extension packs. See below for link to our full coverage.
QR Code Steganography in npm: We discovered fezbox, a malicious npm package using an innovative steganographic technique for obfuscation - hiding malware inside a QR code! The package fetches a QR code from a remote URL and executes code hidden within it to steal browser credentials.
Today, Socket detected malicious Namastex.ai npm packages that appear to replicate TeamPCP-style Canister Worm patterns, including exfiltration and self-propagation. More on our blog, including actions for defenders to take against yet another supply chain attack on the npm open-source ecosystem.
Read more on our blog: socket.dev/blog/malicio... and socket.dev/blog/two-mal...
Given an ongoing PyPI phishing campaign that continues to target users with new domains through legitimate-looking emails requesting "email verification" that actually steal credentials, we are on the lookout for any compromised packages in the PyPI ecosystem specifically.
🚨 New research: A spearphishing campaign published 27 malicious npm packages that host browser-run lures mimicking document portals and Microsoft sign-in to steal credentials. This operation targets manufacturing and healthcare orgs in the U.S. and allied countries. socket.dev/blog/spearph...
Read the full blog post here: blog.stdlib.io/reflection-o...
Philipp Burckhardt
A reflection on stdlib's participation in the 2025 METR study on AI's impact on open-source developer productivity.
blog.stdlib.io
Using AI in the development of stdlib