Log inSign up
Socket
3,220 posts
Image
user avatar
Socket
@SocketSecurity
Socket is the #1 software supply chain security platform. Next-gen SCA + SBOM + 0-day prevention. LOVED BY DEVELOPERS. 👀 @npm_malware
https://socket.dev/careers
socket.dev
Joined November 2021
4,603
Following
21.7K
Followers
AffiliatesAffiliatesRepliesRepliesMediaMedia

New to X?

Sign up now to get your own personalized timeline!

Create account

By signing up, you agree to the Terms of Service and Privacy Policy, including Cookie Use.

Terms·Privacy·Cookies·Accessibility·Ads Info·© 2026 X Corp.
Don't miss what's happening
People on X are the first to know.
Log inSign up
  • Pinned
    user avatar
    Socket
    @SocketSecurity
    May 22
    Today is a big day for Socket.
    user avatar
    Feross
    Socket
    @feross
    May 20
    Today is a big day for @SocketSecurity. We just raised a $60M Series C at a $1B valuation, led by @ThriveCapital with participation from @a16z, @AbstractVC, and @CapitalOne Ventures. Total funding is now $125M. Four years ago, we started Socket because open source dependencies
    Image
    27K
  • user avatar
    Socket
    @SocketSecurity
    19h
    🚨 Update: The jscrambler attacker published four more malicious releases: 8.16.0, 8.17.0, 8.18.0, and 8.20.0 with the same infostealer payload. In 8.18.0 and 8.20.0, the dropper moved out of preinstall and into package code, bypassing npm install --ignore-scripts. Jscrambler
    user avatar
    Socket
    @SocketSecurity
    23h
    🚨 BREAKING: Socket has identified a supply chain attack targeting the popular jscrambler npm package. The compromised [email protected] release uses a malicious preinstall hook to execute hidden Windows, macOS, or Linux binaries during npm install.
    Image
    21K
  • Socket reposted
    user avatar
    Dark Web Informer
    @DarkWebInformer
    23h
    🚨 ALERT: Socket has identified the jscrambler npm package as the target of a supply chain attack. 👇
    user avatar
    Socket
    @SocketSecurity
    23h
    🚨 BREAKING: Socket has identified a supply chain attack targeting the popular jscrambler npm package. The compromised [email protected] release uses a malicious preinstall hook to execute hidden Windows, macOS, or Linux binaries during npm install.
    Image
    12K
  • user avatar
    Socket
    @SocketSecurity
    23h
    🚨 BREAKING: Socket has identified a supply chain attack targeting the popular jscrambler npm package. The compromised [email protected] release uses a malicious preinstall hook to execute hidden Windows, macOS, or Linux binaries during npm install.
    Image
    44K
    user avatar
    Socket
    @SocketSecurity
    23h
    The malicious release was published today and detected by Socket 6 minutes later. Remove 8.14.0 and pin to 8.13.0 or another verified clean release. We reported the compromise to the Jscrambler maintainers. Will update as our investigation continues:
    A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
    jscrambler npm Package Compromised in Supply Chain Attack - ...
    From socket.dev
    1.8K
  • Socket reposted
    user avatar
    BleepingComputer
    @BleepinComputer
    Jul 9
    Injective SDK on npm infected with cryptocurrency wallet stealer bleepingcomputer.com/news/security/…
    Image
    Injective SDK on npm infected with cryptocurrency wallet stealer
    From bleepingcomputer.com
    11K
  • Socket reposted
    user avatar
    The Hacker News
    @TheHackersNews
    Jul 10
    🚨 Attackers compromised Injective Labs’ #GitHub repo and published npm package 1.20.21 with code that sent crypto wallet private keys and seed phrases to an external server. Users should update to 1.20.23 and rotate exposed secrets. Read more: thehackernews.com/2026/07/inject…
    Image
    22K
  • Socket reposted
    user avatar
    Pierluigi Paganini - Security Affairs
    @securityaffairs
    Jul 10
    @SocketSecurity 222 #GitHub Repositories Linked to Fake Go Package #Malware Operation securityaffairs.com/195101/securit… #securityaffairs #hacking
    Image
    222 GitHub Repositories Linked to Fake Go Package Malware Operation
    From securityaffairs.com
    1.5K
  • Socket reposted
    user avatar
    Socket
    @SocketSecurity
    Jul 9
    New Research: A fake Braintree SDK on NuGet is skimming live payment card data and stealing merchant credentials in production. Its 14M download count is massively inflated to rank it right next to the real package. Full analysis →
    A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps....
    Fake Braintree NuGet Package Skims Credit Cards and Harvests...
    From socket.dev
    4.5K
  • Socket reposted
    user avatar
    Feross
    Socket
    @feross
    Jul 9
    🔺 Another supply chain attack -- with some interesting twists.
    user avatar
    Socket
    @SocketSecurity
    Jul 9
    🚨 Socket detected a software supply chain compromise in @​injectivelabs/sdk-ts, a popular npm package with ~50,000 weekly downloads and 87 npm dependents. The malicious release hooks wallet key-derivation functions, records private keys and mnemonics, and exfiltrates them
    Image
    4.5K
  • Socket reposted
    user avatar
    Bret Comnes
    @bcomnes
    Jul 10
    Extremely important change
    user avatar
    Socket
    @SocketSecurity
    Jul 8
    🎉 npm v12 is here! Install scripts are now off by default, git and remote-URL deps no longer resolve unless you allow them, and 2FA-bypass tokens are starting to be phased out. Details → socket.dev/blog/npm-12 #nodejs
    4.2K
  • user avatar
    Socket
    @SocketSecurity
    Jul 9
    New Research: A fake Braintree SDK on NuGet is skimming live payment card data and stealing merchant credentials in production. Its 14M download count is massively inflated to rank it right next to the real package. Full analysis →
    A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps....
    Fake Braintree NuGet Package Skims Credit Cards and Harvests...
    From socket.dev
    4.5K
  • Socket reposted
    user avatar
    Socket
    @SocketSecurity
    Jul 8
    🎉 npm v12 is here! Install scripts are now off by default, git and remote-URL deps no longer resolve unless you allow them, and 2FA-bypass tokens are starting to be phased out. Details → socket.dev/blog/npm-12 #nodejs
    npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.
    npm v12 Ships With Install Scripts Off by Default, Begins De...
    From socket.dev
    18K
  • Socket reposted
    user avatar
    Feross
    Socket
    @feross
    Jul 8
    🔺 Socket researchers found a malicious Go module posing as a DNS/subdomain scanner. Following that trail exposed 222 GitHub repositories across 190 accounts: fake software projects used to stage Windows RAT and infostealer malware. Full analysis →
    user avatar
    Socket
    @SocketSecurity
    Jul 8
    🔺 Socket researchers found a malicious Go module posing as a DNS/subdomain scanner. Following that trail exposed 222 GitHub repositories across 190 accounts: fake software projects used to stage Windows RAT and infostealer malware. Full analysis → socket.dev/blog/malicious…
    4.7K
  • user avatar
    Socket
    @SocketSecurity
    Jul 9
    🚨 Socket detected a software supply chain compromise in @​injectivelabs/sdk-ts, a popular npm package with ~50,000 weekly downloads and 87 npm dependents. The malicious release hooks wallet key-derivation functions, records private keys and mnemonics, and exfiltrates them
    Image
    19K
    user avatar
    Socket
    @SocketSecurity
    Jul 9
    The malicious 1.20.21 version was also pinned across 17 other @​injectivelabs scoped packages, exposing users who may not have installed the SDK directly. Any keys or mnemonics passed through affected packages should be treated as compromised.
    Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.
    Compromised Injective SDK npm Package Exfiltrates Wallet Key...
    From socket.dev
    1.3K
Advertisement
Advertisement