Socket
Feed

npm Adopts OIDC for Trusted Publishing in CI/CD Workflows
Socket
npm now supports Trusted Publishing with OIDC, enabling secure package publishing directly from CI/CD workflows without relying on long-lived tokens.
2 days ago

60 Malicious Ruby Gems Used in Targeted Credential Theft Campaign
Socket
A RubyGems malware campaign used 60 malicious packages posing as automation tools to steal credentials from social media and marketing tool users.
2 days ago

New CNA Scorecard Tool Ranks CVE Data Quality Across the Ecosystem
Socket
The CNA Scorecard ranks CVE issuers by data completeness, revealing major gaps in patch info and software identifiers across thousands of vulnerabilities.
3 days ago

Malicious npm Packages Target WhatsApp Developers with Remote Kill Switch
Socket
Two npm packages masquerading as WhatsApp developer libraries include a kill switch that deletes all files if the phone number isn’t whitelisted.
4 days ago

11 Malicious Go Packages Distribute Obfuscated Remote Payloads
Socket
Socket uncovered 11 malicious Go packages using obfuscated loaders to fetch and execute second-stage payloads via C2 domains.
4 days ago

TC39 Advances 11 Proposals for Math Precision, Binary APIs, and More
Socket
TC39 advances 11 JavaScript proposals, with two moving to Stage 4, bringing better math, binary APIs, and more features one step closer to the ECMAScript spec.
4 days ago

Critical Vulnerability in NestJS Devtools: Localhost RCE via Sandbox Escape
Socket
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
9 days ago

Introducing License Overlays: Smarter License Management for Real-World Code
Socket
Customize license detection with Socket’s new license overlays: gain control, reduce noise, and handle edge cases with precision.
9 days ago

Introducing Rust Support in Socket
Socket
Socket now supports Rust and Cargo, offering package search for all users and experimental SBOM generation for enterprise projects.
10 days ago

Announcing Precomputed Reachability Analysis in Socket
Socket
Socket’s precomputed reachability slashes false positives by flagging up to 80% of vulnerabilities as irrelevant, with no setup and instant results.
10 days ago