Socket
Feed

Wallet-Draining npm Package Impersonates Nodemailer to Hijack Crypto Transactions
Socket
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
2 days ago

Risky Biz Podcast: Making Reachability Analysis Work in Real-World Codebases
Socket
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
3 days ago

Nx npm Packages Compromised in Supply Chain Attack Weaponizing AI CLI Tools
Socket
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.
4 days ago

CISA’s 2025 SBOM Guidance Adds Hashes, Licenses, Tool Metadata, and Context
Socket
CISA’s 2025 draft SBOM guidance adds new fields like hashes, licenses, and tool metadata to make software inventories more actionable.
6 days ago

Follow-up and Clarification on Recent Malicious Ruby Gems Campaign
Socket
A clarification on our recent research investigating 60 malicious Ruby gems.
9 days ago

ESLint Adds Support for Parallel Linting, Closing 10-Year-Old Feature Request
Socket
ESLint now supports parallel linting with a new --concurrency flag, delivering major speed gains and closing a 10-year-old feature request.
9 days ago

Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials via Telegram
Socket
A malicious Go module posing as an SSH brute forcer exfiltrates stolen credentials to a Telegram bot controlled by a Russian-speaking threat actor.
10 days ago

Rspack Introduces Rslint, a TypeScript-First Linter Written in Go
Socket
Rspack launches Rslint, a fast TypeScript-first linter built on typescript-go, joining in on the trend of toolchains creating their own linters.
11 days ago

Researcher Exposes Zero-Day Clickjacking Vulnerabilities in Major Password Managers
Socket
Hacker Demonstrates How Easy It Is To Steal Data From Popular Password Managers
12 days ago

Oxlint Introduces Type-Aware Linting Preview
Socket
Oxlint’s new preview brings type-aware linting powered by typescript-go, combining advanced TypeScript rules with native-speed performance.
13 days ago