Socket
Socket
@socket.dev
Socket is the #1 software supply chain security platform. Next-gen SCA + SBOM + 0-day prevention. LOVED BY DEVELOPERS.

https://socket.dev
Reposted by Socket
"Most people are completely unprepared for this," O'Reilly said. "They treat it like installing Spotify when it's actually more like giving someone sudo access to your entire machine." - security researcher Jamieson O'Reilly
February 10, 2026 at 2:20 PM
☠️🤖 We’re entering a new era of malicious workflows.

OpenClaw skills show how easily agent workflows can be abused once they’re trusted to execute.

A closer look at this emerging class of supply chain attack:
socket.dev/blog/opencla...
OpenClaw Skill Marketplace Emerges as Active Malware Vector ...
Security researchers report widespread abuse of OpenClaw skills to deliver info-stealing malware, exposing a new supply chain risk as agent ecosystems...
socket.dev
February 10, 2026 at 5:05 AM
Reposted by Socket
“Every large OSS project is navigating the same tension between enthusiasm for AI and real concern about its impact... Protect your maintainers. They're a rare asset, hard to replace and easy to lose. Any path forward that burns them out isn't a path forward at all.” - @dries.bsky.social
February 7, 2026 at 12:19 AM
Reposted by Socket
This is at least the third time dYdX-related packages and infrastructure have been compromised in the past four years. Anyone using the #dYdX protocol or exchange should review their exposure.

cc: @campuscodi.risky.biz @bleepingcomputer.com @coindesk.com @web3isgoinggreat.com
February 7, 2026 at 4:18 PM
Anthropic says Claude Opus 4.6 uncovered 500+ high-severity open source vulnerabilities.

What that means for disclosure, patching, and the maintainers at the heart of open source security.

socket.dev/blog/the-nex... #oss
The Next Open Source Security Race: Triage at Machine Speed ...
Claude Opus 4.6 has uncovered more than 500 open source vulnerabilities, raising new considerations for disclosure, triage, and patching at scale.
socket.dev
February 7, 2026 at 12:02 AM
🚨 We detected malicious #dYdX client packages published to npm and PyPI after a maintainer account compromise, enabling wallet theft and remote code execution.

Full investigation → socket.dev/blog/malicio... #crypto
Malicious dYdX Packages Published to npm and PyPI After Main...
Malicious dYdX client packages were published to npm and PyPI after a maintainer compromise, enabling wallet credential theft and remote code executio...
socket.dev
February 6, 2026 at 1:29 AM
💎 The Gem Cooperative is testing dependency cooldowns at the registry level, delaying access to newly published gems rather than relying on client tooling. An interesting infrastructure experiment to reduce exposure to malicious #Ruby gems during supply chain attacks:

socket.dev/blog/gem-coo...
gem.coop Tests Dependency Cooldowns as Package Ecosystems Mo...
gem.coop is testing registry-level dependency cooldowns to limit exposure during the brief window when malicious gems are most likely to spread.
socket.dev
February 5, 2026 at 4:11 PM
Reposted by Socket
GlassWorm Malware Returns to Shatter Developer Ecosystems: https://bit.ly/4thk56I by Alexander Culafi
GlassWorm Returns to Shatter Developer Ecosystems
The self-replicating malware has poisoned a fresh set of Open VSX software components, leaving potential downstream victims with infostealer infections.
bit.ly
February 3, 2026 at 10:48 PM
Open VSX is rolling out pre-publish security checks after repeated malicious extension incidents, as IDE extensions become an increasingly attractive supply chain target.

Details → socket.dev/blog/open-vs...
Open VSX Begins Implementing Pre-Publish Security Checks Aft...
Following multiple malicious extension incidents, Open VSX outlines new safeguards designed to catch risky uploads earlier.
socket.dev
February 3, 2026 at 2:37 PM
Reposted by Socket
Four legit Open VSX extensions shipped credential-stealing malware after the publisher was compromised. The Eclipse Foundation/Open VSX security team confirmed it was consistent with leaked tokens or other unauthorized publishing access.
January 31, 2026 at 5:21 PM
🚨 New research: Threat actors compromised four #OpenVSX extensions, pushed malicious updates that load encrypted malware, evade Russian locales, and fetch C2 instructions via #Solana memos, leading to macOS credential and wallet theft.

Full analysis: socket.dev/blog/glasswo...
GlassWorm Loader Hits Open VSX via Suspected Developer Accou...
Threat actors compromised four oorzc Open VSX extensions with more than 22,000 downloads, pushing malicious versions that install a staged loader, evade Ru...
socket.dev
January 31, 2026 at 5:05 PM
Lodash is critical #JavaScript infrastructure.

We spoke with maintainers about its first security release in years — and why sunsetting it was never a real option.

socket.dev/blog/inside-...
Inside Lodash’s Security Reset and Maintenance Reboot - Sock...
Lodash 4.17.23 marks a security reset, with maintainers rebuilding governance and infrastructure to support long-term, sustainable maintenance.
socket.dev
January 31, 2026 at 1:23 AM
⭐️ Big changes in the 2025 #JavaScript Rising Stars results this year. Automation, workflows, and production tooling dominate, featuring @n8n.io, @bun.sh, @react.dev, Motia, Dyad, Stagehand, and more.

Here are the highlights → socket.dev/blog/n8n-top...
n8n Tops 2025 JavaScript Rising Stars as Workflow Platforms ...
n8n led JavaScript Rising Stars 2025 by a wide margin, with workflow platforms seeing the largest growth across categories.
socket.dev
January 30, 2026 at 4:41 AM
🚨 Update: This is larger than we initially reported. Amazon Ads Blocker is part of a coordinated 29-extension network targeting Amazon, AliExpress, Best Buy, Shopify, and Shein. We’ve updated the research & IOCs to reflect the campaign.

Full Research → socket.dev/blog/malicio...
Malicious Chrome Extension Performs Hidden Affiliate Hijacki...
A Chrome extension claiming to hide Amazon ads was found secretly hijacking affiliate links, replacing creators’ tags with its own without user consen...
socket.dev
January 29, 2026 at 8:49 PM
Reposted by Socket
SBOMs are no longer mandatory for federal agencies. New guidance rescinds prior software supply chain mandates and shifts to agency-defined risk assessment.

Details → socket.dev/blog/federal... #Cybersecurity #GovTech
Federal Government Rescinds Software Supply Chain Mandates, ...
The U.S. government is rolling back software supply chain mandates, shifting from mandatory SBOMs and attestations to a risk-based approach.
socket.dev
January 29, 2026 at 3:15 AM
Reposted by Socket
This is exactly the kind of thing people worry about with browser extensions. It looks like an Amazon ad blocker, but quietly hijacks affiliate links in the background. Most people aren’t reading extension source code (and if you are, congrats 🙃), which is why this works.
January 27, 2026 at 5:41 PM
🦀 New on crates.io: RustSec advisories now appear on crate pages, alongside updates to Trusted Publishing support and CI trigger restrictions.

Details → socket.dev/blog/crates-... #rustlang
January 28, 2026 at 3:27 AM
Socket’s Threat Research team analyzed a Chrome extension marketed as an Amazon ad blocker that secretly hijacks affiliate links and replaces existing tags with its own.

Full Research → socket.dev/blog/malicio...
Malicious Chrome Extension Performs Hidden Affiliate Hijacki...
A Chrome extension claiming to hide Amazon ads was found secretly hijacking affiliate links, replacing creators’ tags with its own without user consen...
socket.dev
January 27, 2026 at 5:11 PM
Reposted by Socket
“We are just a small single open source project with a small number of active maintainers. It is not in our power to change how all these people and their slop machines work. We need to make moves to ensure our survival and intact mental health.” - @bagder.mastodon.social.ap.brid.gy
January 24, 2026 at 3:04 AM
curl maintainer @daniel.haxx.se said the project is shutting down its bug bounty program after maintainers were buried under low-quality, AI-generated slop reports. Security disclosure systems that assume unlimited #OSS maintainer labor are reaching their limits.

socket.dev/blog/curl-sh...
curl Shuts Down Bug Bounty Program After Flood of AI Slop Re...
A surge of AI-generated vulnerability reports has pushed open source maintainers to rethink bug bounties and tighten security disclosure processes.
socket.dev
January 23, 2026 at 11:15 PM
Scans no longer change every time you reload the page. Once a scan completes, results are immutable, easy to share, and quick to revisit, with on-demand rescans for fresh data.

⚡️ Check out Immutable Scans → socket.dev/blog/introdu...
Introducing Immutable Scans - Socket
Scan results now load faster and remain consistent over time, with stable URLs and on-demand rescans for fresh security data.
socket.dev
January 23, 2026 at 4:23 PM
🚀 Socket Launch Week Day 5: We’re capping off this launch week with faster, more predictable security scans!

Immutable Scans make results load quickly by default and stay consistent when you share them.
January 23, 2026 at 4:23 PM
The new Alert Details page surfaces more context in one place, with a clearer layout, detected instances, and reachability dependency chains that show how risk flows through your code.

More details → socket.dev/blog/introdu...
Introducing the Alert Details Page: A Better Way to Explore ...
Socket's new Alert Details page is designed to surface more context, with a clearer layout, reachability dependency chains, and structured review.
socket.dev
January 22, 2026 at 6:31 PM
🚀 Launch Week Day 4: We’re introducing a new Alert Details page! A more spacious way to explore alerts and understand their impact across your codebase.
January 22, 2026 at 6:31 PM