Why this kind of thing works: imToken doesnβt have an official Chrome extension, so if you search βimTokenβ in the Chrome Web Store, this impostor is the only thing you find.
Hah!
AI is changing how software gets built, and how it gets compromised. What's keeping your security team up at night? We want to hear about it. Book time with @feross.bsky.social and the Socket team at RSA + @bsidessf.org. We'll be in SF all week.
socket.dev/blog/meet-so...
You donβt see this every day: attackers hiding C2 infrastructure inside computer science essays on Pastebin using character-level steganography, then wiring it into 26 typosquatted npm packages impersonating some of the ecosystemβs most widely-used libraries.
socket.dev/blog/stegabi...
π¨ We detected malicious OpenVSX releases of Aqua Trivy (1.8.12 & 1.8.13) that injected natural-language prompts to weaponize local AI coding agents.
The releases occurred during a broader AI-powered attack targeting #OSS projects.
Full analysis β
socket.dev/blog/unautho...
Well, you donβt see this every day. π Pastebin steganography used as a dead drop for npm malware.
cc: @campuscodi.risky.biz @bleepingcomputer.com @zackwhittaker.com @thehackernews.bsky.social
We'll be streaming live with @feross.bsky.social and @grobmeier.de at 10AM PST today! If you want a reminder, click "Attend" on LinkedIn or "Notify Me" on YouTube.
@socket.dev Fantastic report! Stay safe out there, folks!
socket.dev/blog/sandwor...
shoutout to the @socket.dev team for the incredible report.
SANDWORM_MODE is a supply chain worm that has similarities to Shai-Hulud and poisons AI Agents using an innocuous-looking MCP server installed on the developer machine.
AI agents are writing up to 90% of new production code. What does that mean for open source security?
Socket CEO @feross.bsky.social joined the @riskybusiness.bsky.social podcast to break down this seismic shift & the growing risk to the software supply chain.
Watch nowβ socket.dev/blog/risky-b...
Excited to tune into this conversation! π€©
Log4Shell was one of those moments that pulled back the curtain on how much of the internet runs on small open source projects. We've all seen the memes and hot takes it inspired about sustainability, but what has actually changed? Join us tomorrow!
Join us on Feb 25 @ 10am PST for a fireside chat w/ Log4j maintainer @grobmeier.de and Socket CEO @feross.bsky.social on Log4Shell and the realities of maintaining critical OSS infrastructure.
Watch live & get notified:
LinkedIn β linkedin.com/events/74318...
YouTube β youtube.com/watch?v=9-uV...
π₯ Your AI coding assistant might be stealing your SSH keys. π₯
@socket.dev found an active Shai-Hulud style npm worm (SANDWORM_MODE) that hijacks CI workflows, spreads via stolen tokens, and injects rogue MCP servers to poison AI coding tools and steal secrets.
π¨ Active Shai-HuludβLike npm Supply Chain Attack: SANDWORM_MODE
Socketβs Threat Research Team has identified an active Shai-Huludβlike worm campaign spreading across 19+ malicious npm packages published under two aliases.
Full technical analysis: socket.dev/blog/sandwor...
The @socket.dev team caught super early signals of this attack campaign leading to preemptive shutdown! proud of the team and our advanced threat detection engine! πͺ
Thankful for the rapid response and takedown @npmjs.bsky.social @github.com @cloudflare.social π
#shaihulud #SANDWORM_MODE
Incoming news. Stay tuned.
π βWeβre excited to welcome @socket.dev to the OpenJS Foundation. Theyβve been showing up for this community for a long time, and their work supports the JavaScript ecosystem in really meaningful ways.β
- @rginn206.bsky.social, Executive Director, @openjsf.org
Excited that @socket.dev has joined @openjsf.org!
Code security is more important than ever in the AI coding and agentic era! We're doing our part to help.
Really cool to see @npmjs.bsky.social featuring more security information on package pages, including a link to Socket's analysis! π€©
Here's what you'll find when you click through β
socket.dev/blog/socket-... #NodeJS #JavaScript
A compromised npm token was used to push an unauthorized postinstall script in cline@2.3.0, a popular AI coding agent CLI with 90k weekly downloads.
Big shoutout to @adnanthekhan.bsky.social whose research sniffed out the cache poisoning vulnerability! πͺ
Details β socket.dev/blog/cline-c...
The PHP ecosystem is massive, and so are the potential supply chain risks. Todayβs launch brings best-in-class package security to Packagist and Composer workflows. Weβre excited for the PHP community to try it and share feedback!
PHP developers can now:
β’ Browse any Composer packageβs security score & dependency insights
β’ Generate SBOMs from composer.lock & composer.json
β’ Detect malware, typosquatting, backdoors, and other risks with AI-powered analysis
Learn more β socket.dev/blog/introdu...
π Big news for #PHP developers! Socket now supports the PHP ecosystem with full Composer & @packagist.com integration. Search and explore packages, generate SBOMs from your Composer projects, and get proactive supply chain protection for your dependencies.
Having started in the PHP world, this launch is close to my heart. Thrilled to see @socket.dev now supporting Composer and @packagist.com! Weβre looking forward to bringing better supply chain visibility to the PHP ecosystem. π
Everyone's racing to build with AI agent skills. Decentralized repos, executable code = wide open attack surface.
Socket is now securing skills on @vercel.com's skills.sh. We scan across Python, JS, and 10+ languages to catch malicious code before it reaches developers.
socket.dev/blog/socket-...
The AI agent skills ecosystem is moving at breakneck speed. At @socket.dev we're moving just as fast to secure skills so developers can keep shipping with confidence. Excited to see where this goes!
BIG NEWS: @socket.dev is now scanning AI agent skills across multiple languages and ecosystems, detecting malicious behavior before developers install, starting with 60,000+ skills.
socket.dev/blog/socket-...
