Learn the essential steps every developer should take to stay secure on npm and reduce exposure to supply chain attacks.

Experts push back on new claims about AI-driven ransomware, warning that hype and sponsored research are distorting how the threat is understood.

Ruby's creator Matz assumes control of RubyGems and Bundler repositories while former maintainers agree to step back and transfer all rights to end the dispute.

Socket researchers found 10 typosquatted npm packages that auto-run on install, show fake CAPTCHAs, fingerprint by IP, and deploy a credential stealer.

Socket Firewall Enterprise is now available with flexible deployment, configurable policies, and expanded language support.

Open source dashboard CNAPulse tracks CVE Numbering Authorities’ publishing activity, highlighting trends and transparency across the CVE ecosystem.

Detect malware, unsafe data flows, and license issues in GitHub Actions with Socket’s new workflow scanning support.

Add real-time Socket webhook events to your workflows to automatically receive pull request scan results and security alerts in real time.

The Socket Threat Research Team uncovered malicious NuGet packages typosquatting the popular Nethereum project to steal wallet keys.

A single platform for static analysis, secrets detection, container scanning, and CVE checks—built on trusted open source tools, ready to run out of the box.