Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.

PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads

A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.

Socket is heading to London! Stop by our booth or schedule a meeting to see what we've been working on.

OWASP’s 2025 Top 10 introduces Software Supply Chain Failures as a new category, reflecting rising concern over dependency and build system risks.

Socket researchers discovered nine malicious NuGet packages that use time-delayed payloads to crash applications and corrupt industrial control systems.

Socket CTO Ahmad Nassri discusses why supply chain attacks now target developer machines and what AI means for the future of enterprise security.

Learn the essential steps every developer should take to stay secure on npm and reduce exposure to supply chain attacks.

Experts push back on new claims about AI-driven ransomware, warning that hype and sponsored research are distorting how the threat is understood.

Ruby's creator Matz assumes control of RubyGems and Bundler repositories while former maintainers agree to step back and transfer all rights to end the dispute.