Add real-time Socket webhook events to your workflows to automatically receive software supply chain alert changes in real time.

ENISA has become a CVE Program Root, giving the EU a central authority for coordinating vulnerability reporting, disclosure, and cross-border response.

Socket now scans OpenVSX extensions, giving teams early detection of risky behaviors, hidden capabilities, and supply chain threats in developer tools.

Bringing supply chain security to the next generation of JavaScript package managers

A safer, faster way to eliminate vulnerabilities without updating dependencies

Reachability analysis for Ruby is now in beta, helping teams identify which vulnerabilities are truly exploitable in their applications.

Malicious npm packages use Adspect cloaking and fake CAPTCHAs to fingerprint visitors and redirect victims to crypto-themed scam sites.

Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.

PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads

A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.