Socket Headlines

Socket Blog

Socket launched Reports, a new page in the Socket dashboard providing chart-based views of vulnerabilities, dependencies, and usage across projects. The feature gives security teams better visibility into their software supply chain.

Companies:Socket

Socket Blog

Socket's Threat Research Team identified 108 malicious Chrome extensions operating as a coordinated campaign, stealing credentials, user identities, and browsing data.

Companies:Socket

Help Net Security

Help Net Security reports on the increasing social engineering attacks targeting open source developers, referencing Socket's findings on the Axios compromise.

Companies:Socket

SecurityWeek

SecurityWeek reports on North Korean threat actors targeting high-profile Node.js maintainers, referencing the Axios supply chain attack.

Companies:Socket

Socket.dev Blog

Socket's threat research team identified additional compromised Trivy artifacts published to Docker Hub, following a previous GitHub Actions compromise. Newly published Docker images (0.69.5 and 0.69.6) were found to contain infostealer indicators of compromise.

Companies:Socket

Socket.dev Blog

Socket identified a supply chain attack on Trivy GitHub Actions where an attacker force-pushed malicious tags, exposing CI/CD secrets. Socket's research details the attack mechanism and potential impact.

Companies:Socket

Socket.dev Blog

Socket's Threat Research Team independently identified a worm-enabled npm supply chain attack, dubbed CanisterWorm, affecting legitimate publisher namespaces and deploying backdoors across numerous packages. The article details the attack's progression and mechanism.

Companies:Socket

Dispatch.com

Socket has announced its new support for PHP, which includes integration with Composer and Packagist. This announcement, made via a press release on Dispatch.com, signifies an expansion of Socket"s capabilities for developers working with PHP.

Companies:Socket

The Hacker News

The Hacker News reports on fake Laravel packages found on Packagist that deploy Remote Access Trojans (RATs) through Composer dependencies. This incident highlights a significant supply chain security threat for Laravel developers.

Companies:Socket

Socket Blog

The article discusses the discovery of malicious packages on Packagist that are disguised as Laravel utility tools. These packages install an encrypted PHP Remote Access Trojan (RAT) through Composer dependencies, posing a security risk to developers who unknowingly include them in their projects. The report highlights the importance of vigilance in managing third-party dependencies in PHP development.

Companies:Socket

Forbes

Forbes profiled Socket and its founder on the heels of its $40 billion series B round.

Companies:Socket