Socket
Feed

Oracle Drags Its Feet in the JavaScript Trademark Dispute
Socket
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
11 hours ago

Linux Foundation Warns Open Source Developers: Compliance with Sanctions Is Not Optional
Socket
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.
2 days ago

Maven Central Adds Sigstore Signature Validation
Socket
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
2 days ago

38% of CISOs Fear They’re Not Moving Fast Enough on AI
Socket
CISOs are racing to adopt AI for cybersecurity, but hurdles in budgets and governance may leave some falling behind in the fight against cyber threats.
3 days ago

Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence
Socket
Socket researchers uncovered a backdoored typosquat of BoltDB in the Go ecosystem, exploiting Go Module Proxy caching to persist undetected for years.
4 days ago

Socket Joins TC54 to Help Shape the Future of SBOMs, CycloneDX, and PURL
Socket
Socket is joining TC54 to help develop standards for software supply chain security, contributing to the evolution of SBOMs, CycloneDX, and Package URL specifications.
8 days ago

PyPI’s New Archival Feature Closes a Major Security Gap
Socket
PyPI now allows maintainers to archive projects, improving security and helping users make informed decisions about their dependencies.
8 days ago

North Korean APT Lazarus Targets Developers with Malicious npm Package
Socket
Malicious npm package postcss-optimizer delivers BeaverTail malware, targeting developer systems; similarities to past campaigns suggest a North Korean connection.
9 days ago

CISA Brings KEV Data to GitHub
Socket
CISA's KEV data is now on GitHub, offering easier access, API integration, commit history tracking, and automated updates for security teams and researchers.
10 days ago

Opengrep Emerges as Open Source Alternative Amid Semgrep Licensing Controversy
Socket
Opengrep forks Semgrep to preserve open source SAST in response to controversial licensing changes.
11 days ago