Kush Pandya (@kpandya_7)'s Twitter Profile

Kush Pandya

@kpandya_7

Security @ Socket

ID: 1551201207309332481

Joined: 24-07-2022 13:43:12

136 Tweets

28 Followers

110 Following

Feross (@feross):

We just bought a company.

Why? Because vulnerability scanning is fundamentally broken. And I’m tired of pretending it’s fine.

We acquired Coana, the best reachability analysis engine on the planet.

The whole vuln industry is addicted to quantity over quality. More alerts, more

The Hacker News (@thehackersnews):

🚨 Malicious Go modules are nuking Linux systems—wiping entire disks beyond recovery using hidden payloads.

🧨 3 GitHub-hosted packages posed as dev tools. Once run on Linux, they downloaded a script to overwrite /dev/sda—killing the OS.

At the same time, npm & PyPI malware is:

Kush Pandya (@kpandya_7):

Malicious npm packages targeting crypto traders:
• Steal wallet keys & #BullX credentials
• Exfiltrate via Telegram
• Use minimal wrapper to launch the payload

Full analysis: lnkd.in/eQWirmTd #JavaScript #CyberSecurity #ThreatIntel #npm

Kush Pandya (@kpandya_7):

🚨 New npm malware campaign targeting:
• React
• Vue
• Vite
• Node.js
• Quill editor

Deletes files. Crashes systems. Breaks apps silently. #JavaScript #infosec #CyberSecurity #npm

Kush Pandya (@kpandya_7):

🚨 Typosquatted npm package + remote trigger = total codebase wipe. Just one mistyped install, and your project’s gone. Triggered by “remise à zéro” (French for “reset”). Details → socket.dev/blog/npm-packa… #npm #CyberSecurity #infosec

Kush Pandya (@kpandya_7):

☠️ A PyPI package posing as an Instagram booster steals your credentials and sends them to bot networks. Social engineering + supply chain threat. Full report → lnkd.in/eKyQzPtg #Python #infosec #OpenSourceSecurity #CyberSecurity

Kush Pandya (@kpandya_7):

Not all backdoors come through the front :) Two npm packages include a secret kill switch — triggered via POST request to wipe your code. Stealthy, destructive, and published in plain sight. Details → lnkd.in/e_wvpcax #CyberSecurity #JavaScript #npm

The Hacker News (@thehackersnews):

🚨 Supply chain attacks hit npm & PyPI: malware in 1M+ downloads steals data, runs commands, and wipes files. A PyPI package steals Instagram creds, spreading them to botnets. Check your dependencies NOW. Full details ↓ thehackernews.com/2025/06/new-su…

SC Media (@scmagazine):

Malicious npm packages posing as legitimate application utilities create destructive backdoor endpoints that enable remote deletion of app directories, reported Socket. #cybersecurity #infosec #ITsecurity bit.ly/43XOOdr

Kush Pandya (@kpandya_7):

⚡️From fake Apple alerts to Wikipedia XSS abuse — malicious browser extensions are evolving fast. Socket's new research breaks down how scammers are hijacking browsers for money, reach, and data. Read → socket.dev/blog/the-growi…

Kush Pandya (@kpandya_7):

A fake ‘passlib’ package on PyPI shuts down Windows when you mistype a password. Typosquatting + sabotage in the Python ecosystem. Full analysis → socket.dev/blog/malicious… #Python #infosec #OpenSourceSecurity #CyberSecurity

Socket (@socketsecurity):

🚨 Active supply chain attack on #npm: Multiple Prettier tooling packages were compromised through the phishing campaign we published about just hours ago. Watch out for more compromised accounts and malicious packages. Follow-up post: socket.dev/blog/npm-phish… #nodejs

Kush Pandya (@kpandya_7):

‼️ npm + PyPI packages delivering surveillance malware to thousands:
• Keylogging
• Screen capture
• Webcam access

56,000+ downloads and growing. Full investigation → lnkd.in/e6VXAJdC #infosec #Python #JavaScript #CyberSecurity

Kush Pandya (@kpandya_7):

🚨 10 malicious npm packages, 73 repos exposed & code that steals your GitHub token then wipes your machine. 🤯 I analyzed a supply-chain attack on Toptal’s GitHub org; here’s what happened: socket.dev/blog/toptal-s-… #cybersecurity #SupplyChainSecurity

Socket (@socketsecurity):

Vibe coding with LLMs is making developers faster, but also creating new attack surfaces. Socket CEO Feross talks with Joel de la Garza of a16z about the future of AI-assisted software and supply chain security. 🎙️Check out the full episode: socket.dev/blog/ai-a16z-p…

Socket (@socketsecurity):

🚨 Breaking: npm author Qix compromised. Malicious package versions published in projects that typically see hundreds of millions of downloads each week. Details: socket.dev/blog/npm-autho…

Socket (@socketsecurity):

🚨 Ongoing npm supply chain attack: multiple CrowdStrike packages were trojanized in the same campaign that hit Tinycolor yesterday. Full list of compromised packages + mitigations → socket.dev/blog/ongoing-s… #NodeJS #JavaScript

Kush Pandya (@kpandya_7):

🧐 npm packages with 26K downloads that literally do nothing when installed. Yet they're the backbone of a 135-org phishing campaign. I documented how Beamglea turned npm into free phishing infrastructure: socket.dev/blog/175-malic… #npm #Cybersecurity #infosecurity #ThreatIntel