Join Socket + Cloudflare in a livestream NOW discussing #SANDWORM_MODE the Shai-Hulud-Style npm Worm Hijacking CI Workflows and Poisoning AI Toolchains
www.youtube.com/watch?v=OQ6w...
Join @socket.dev + @cloudflare.social in a livestream NOW discussing #SANDWORM_MODE the Shai-Hulud-Style npm Worm Hijacking CI Workflows and Poisoning AI Toolchains
www.youtube.com/watch?v=OQ6w...
If you think your organization may have been affected or would like help assessing your exposure, please reach out and we will help.
If you are a @socket.dev customer, these packages are automatically blocked in the environments where Socket is deployed (and have been blocked since our initial confirmation ~36 hours ago).
The campaign is designed to steal credentials from developer workstations and CI environments, inject malicious GitHub Actions workflows for self-propagation, poison AI toolchains via rogue MCP servers, and exfiltrate LLM API keys.
The @socket.dev team caught super early signals of this attack campaign leading to preemptive shutdown! proud of the team and our advanced threat detection engine! πͺ
Thankful for the rapid response and takedown @npmjs.bsky.social @github.com @cloudflare.social π
#shaihulud #SANDWORM_MODE
Incoming news. Stay tuned.
Really cool to see @npmjs.bsky.social featuring more security information on package pages, including a link to Socket's analysis! π€©
Here's what you'll find when you click through β
socket.dev/blog/socket-... #NodeJS #JavaScript
New Research: Malicious Chrome extension targets Meta Business Suite/Facebook Business Manager, steals TOTP 2FA seeds + codes, and exfiltrates Business Manager exports (People + analytics).
Full analysis: socket.dev/blog/malicio...
π Socket Launch Week Day 3: Weβre launching supply chain attack campaign tracking in the Socket dashboard!
Add this episode to your podcast listening queue during the holidays. π§
Socket CTO @ahmadnassri.com talks through practical AI coding workflows, where AI actually helps teams today, and why the biggest shifts are being driven by economics.
socket.dev/blog/enginee...
Congrats @docker.com! This is the right move for the ecosystem.
In case you missed this detail: with Docker Hardened Images teams get secure application dependencies by default. @socket.dev Firewall is built in.
π Big News! Docker Hardened Images are now free! Weβre partnering with @docker.com to bundle Socket Firewall into supported images, adding supply chain protection during dependency installs and builds.
Details β socket.dev/blog/socket-...
Weβre partnering with @docker.com to make software development safer for everyone!
Socket Firewall Free is now bundled into Docker Hardened Images, adding build-time and dependency-install supply chain protection for @nodejs.org, @python.org, and @rust-lang.org
socket.dev/blog/socket-...
π The Nightmare Before Deployment
socket.dev/blog/supply-...
left some thoughts in the thread, moving away from postinstall is definitely a step in the right direction, but it will not alleviate security scanning concerns.
ποΈ Why great products don't always win: Socket CEO @feross.bsky.social breaks down a hard truth for technical founders in this conversation with Vlad Kachur on scaling a security company.
Check out the full interview β socket.dev/blog/scaling... #appsec #infosec
Shai-Hulud DΓ©jΓ vu!
π¨ new wave of supply chain attacks hits npm, impacting widely used packages from AsyncAPI, ENS, Postman, PostHog, and Zapier.
socket.dev/blog/shai-hu...
π Big news for JavaScript teams: Socket now supports Bun and vlt in beta.
You no longer have to choose between innovation and security. Commit a bun.lock or vlt-lock.json and Socket gives you full supply chain protection.
Launch Week Day 3: We're announcing beta support for
@bun.sh and @vlt.sh package managers in Socket! π
Developers using emerging JavaScript package managers can now rely on Socket for full supply chain security, dependency graph analysis, and accurate SBOMs.
Check out Socket CTO @ahmadnassri.com
at @workos.bsky.social' Enterprise Ready Conf: Ahmad joined a panel discussing how enterprise security is adapting, as AI speeds up both software development and attacks targeting developer machines. socket.dev/blog/how-ent...
soon inshallah.
nothing beats a Syrian breakfast π€€
@ Damaski Palace maps.app.goo.gl/NWZatN3mgves...
π Socket Launch Week Day 5!
Malicious packages are infiltrating development environments before they ever reach production.
Today we're answering these threats with the release of Socket Firewall Enterprise: configurable, enterprise-grade protection for modern package ecosystems.
1οΈβ£
AI models arenβt just math -- theyβre code.
And just like npm or PyPI, they can get hacked.
Today weβre launching malware scanning for the Hugging Face ecosystem. π€π
Socket can now detect backdoors and malicious payloads inside AI models themselves.
π
www.youtube.com/watch?v=9FQy...
for better security: I use 1password cli with direnv to dynamically load env values (ssh keys, tokens, secrets, etc ...)
AWS outage -> 1password thinks it's offline -> can't run anything locally which requires secretsπ₯²
Recognition for Sarah! So deserved! @sarahgooding.bsky.social
Join me next week at the @workos.bsky.social Enterprise Ready Conf. will be speaking on a panel on all things security & how developers can take back control of their software supply chain.
If you're attending, lchat with me & the @socket.dev team IRL!
enterprise-ready.com
@bun.sh users can now install any package with confidence, knowing that @socket.dev got their back!
Free from malicious packages, typosquatting, and other supply chain attacks.
socket.dev/blog/socket-...
β 175 malicious packages
β 135+ targeted organizations
β 26,800+ downloads
β Fully automated victim generation
β Pre-filled credential forms
β Complete PyInstaller toolkit included
Technical deep-dive with full IOCs: π socket.dev/blog/175-mal...
