Socket

Feed

MCP Spec Updated to Add Structured Tool Output and Improved OAuth 2.1 Compliance
Socket
MCP spec updated with structured tool output, stronger OAuth 2.1 security, resource indicators, and protocol cleanups for safer, more reliable AI workflows.
4 days ago
Survey Finds Over Half of CISOs Manage 10+ Security Areas with Limited Legal Protections and Short Tenure
Socket
More than half of CISOs now manage 10+ security areas, often with few legal safeguards and short tenures, yet continue to secure budgets and higher pay.
5 days ago
libxml2 Maintainer Ends Embargoed Vulnerability Reports, Citing Unsustainable Burden
Socket
Libxml2’s solo maintainer drops embargoed security fixes, highlighting the burden on unpaid volunteers who keep critical open source software secure.
6 days ago
Protestware in JavaScript UI Toolkits on npm Target Russian Language Sites
Socket
Socket investigates hidden protestware in npm packages that blocks user interaction and plays the Ukrainian anthem for Russian-language visitors.
6 days ago
The Growing Risk of Malicious Browser Extensions
Socket
Socket researchers uncover how browser extensions in trusted stores are used to hijack sessions, redirect traffic, and manipulate user behavior.
10 days ago
2025 Blockchain and Cryptocurrency Threat Report: Malware in the Open Source Supply Chain
Socket
An in-depth analysis of credential stealers, crypto drainers, cryptojackers, and clipboard hijackers abusing open source package registries to compromise Web3 development environments.
11 days ago
pnpm 10.12 Introduces Global Virtual Store and Expanded Version Catalogs
Socket
pnpm 10.12.1 introduces a global virtual store for faster installs and new options for managing dependencies with version catalogs.
13 days ago
Node.js Moves Toward Stable TypeScript Support with Amaro 1.0
Socket
Amaro 1.0 lays the groundwork for stable TypeScript support in Node.js, bringing official .ts loading closer to reality.
13 days ago
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
Socket
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
17 days ago
Socket Now Supports pylock.toml Files
Socket
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
18 days ago