Andrew Becherer is joining Socket as our first CISO. He was Datadog's first security hire and led security there through its IPO. Socket protects 27,000+ orgs. Andrew will own how we protect ourselves and how we show up for the security teams we serve. socket.dev/blog/andrew-...
🧩 New Research: 152 Chrome "live wallpaper" extensions hid ad tracking behind false privacy disclosures and faked Google search traffic to support ad monetization. The network spanned 38 publisher accounts, 3 backend brands, and ~105K installs. socket.dev/blog/152-chr...
Shocked, shocked I say
OSV has withdrawn 157 malware reports after automated detections incorrectly flagged npm and PyPI packages as malicious, pushing bad records for trusted projects into OSV-consuming security tools and CI/CD systems. socket.dev/blog/osv-wit...
Open source maintainers were already overloaded. AI-driven vulnerability discovery is about to send a lot more findings their way. @feross.bsky.social on TBPN 👇 socket.dev/blog/feross-...
New research: A malicious NuGet package impersonating Sicoob’s official SDK exfiltrated client IDs, PFX passwords, and banking certificates through Sentry telemetry. A fake SDK for stealing API secrets: socket.dev/blog/malicio...
🚨 Active supply chain attack across npm, PyPI, and Crates.io. 34+ packages stealing crypto wallets, SSH keys, and cloud creds. The malware even plants poisoned .cursorrules and CLAUDE.md files to weaponize AI coding assistants. socket.dev/blog/trapdoo...
"AI is now driving both the production and consumption of open source software. AI-generated music ends in human ears, and AI-generated images mostly benefit humans, but AI-generated software is an ouroboros (a snake eating its own tail) which is just getting started." - @staltz.com
socket.dev
Socket’s first CISO brings deep experience securing high-growth SaaS companies as open source supply chain threats accelerate.
Andrew Becherer Joins Socket as Chief Information Security O...
Turn off automatic extension updates in your IDE. Make it the default.
AI has taken over open source, and the data is wild:
• npm is now seeing 100k+ packages published per month
• packages with em dashes in READMEs jumped from ~5% to 30%+
• AI is increasingly writing packages and choosing dependencies
Awesome post by @staltz.com: socket.dev/blog/ai-has-...
Feross Aboukhadijeh joins TBPN to discuss Socket's $60M Series C, 500%+ ARR growth, AI's impact on open source, and the rise in supply chain attacks.
Feross on TBPN: Socket's Series C and the State of Software ...
socket.dev
A malicious NuGet package impersonating Sicoob exfiltrated client IDs, PFX passwords, and banking certificates through Sentry telemetry.
socket.dev
Malicious NuGet Package Impersonates Sicoob SDK to Exfiltrat...
A network of 152 Chrome live wallpaper extensions hid ad tracking and made extension-driven traffic look like Google search clicks.
socket.dev
152 Chrome Live Wallpaper Extensions Hid Ad Tracking and Fak...
OSV withdrew 157 OSV malware reports after automated false positives incorrectly flagged trusted npm and PyPI packages, sending bad records into tools...
socket.dev
OSV Withdraws 157 Malware Reports After Automated False Posi...
Vibe coding at scale is reshaping how packages are created, contributed, and selected across the software supply chain
socket.dev
AI Has Taken Over Open Source - Socket
New Research: Trojanized Open VSX extensions are shipping GlassWASM, a new WebAssembly malware variant. It hides malware logic in TinyGo-compiled WASM and pulls C2 instructions from Solana transaction memos. socket.dev/blog/glasswa...
The trojanized extensions use TinyGo-compiled WebAssembly and Solana transaction memos to resolve command-and-control infrastructure.
socket.dev
GlassWASM: WebAssembly Malware Found in Trojanized Open VSX ...