🚀 We’re thrilled to announce Socket’s $40M Series B led by @AbstractVC with participation from @eladgil and @a16z!

We're so honored to be working with the incredible security team at JumpCloud!

Excited to announce I've joined @SocketSecurity as an Open Source Architect :-)

🚨 New from Socket Threat Research: 9 malicious #NuGet packages deliver time-delayed destructive payloads, designed to crash apps and sabotage industrial control systems. Read the full analysis → https://t.co/UAIWAFTvZ1 #dotnet

Learn how @JumpCloud partnered with Socket to: ⚡ Gain visibility across OSS, licenses & dev environments ⚡ Focus engineers on real, reachable risks ⚡ Block malicious packages with Socket Firewall ⚡ Instantly secure 600+ repos via a simple GitHub App https://t.co/wZkBPuVFXC

“With Socket we can get ahead of threats and prevent malicious packages from being pulled down at all. That’s a huge gap we can close and sleep better at night.” – Lawrence Elitzer, Director of Security, @JumpCloud

Check out Socket CTO @AhmadNassri at @WorkOS' Enterprise Ready Conf: Ahmad joined a panel discussing how enterprise security is adapting, as AI speeds up both software development and attacks targeting developer machines. https://t.co/s6L531E8Y9

🎃

Ten npm packages, using typosquatting to imitate popular legitimate packages, were found to spread credential-stealing malware hidden under four layers of obfuscation, @SocketSecurity reported. #cybersecurity #infosec #ITsecurity #CISO

Ten npm packages, using typosquatting to imitate popular legitimate packages, were found to spread credential-stealing malware hidden under four layers of obfuscation, @SocketSecurity reported. #cybersecurity #infosec #ITsecurity #CISO

‼️Update: the MIT-linked “AI-powered ransomware” report appears to have been taken offline. We updated our post to include an Internet Archive link to the original paper.

Still installing npm packages like it’s 2020? Not all npm installs are treats. 🎃 On the @changelog podcast, @feross shares practical steps every developer should take to reduce exposure to supply chain attacks on npm. → https://t.co/LolvzNztAI #NodeJS #JavaScript

Ten npm packages, using typosquatting to imitate popular legitimate packages, were found to spread credential-stealing malware hidden under four layers of obfuscation, @SocketSecurity reported. #cybersecurity #infosec #ITsecurity #CISO

🧯The security community is pushing back against new claims that 80% of #ransomware attacks are AI-driven, a figure from a recent MIT-linked report now drawing widespread criticism. → https://t.co/wVYjRJXEua

Excellent work from the @SocketSecurity team!

🧯The security community is pushing back against new claims that 80% of #ransomware attacks are AI-driven, a figure from a recent MIT-linked report now drawing widespread criticism. → https://t.co/wVYjRJXEua

🚨 10 fake npm packages (~9.9K installs) hid a cross-platform info stealer. It spawns a fake terminal, pulls a 24 MB payload from 195.133.79[.]43, and drains keyrings — not just browser creds. Instant access to email, cloud, VPNs, and prod DBs. Read details ↓

The #Ruby ecosystem is entering a new phase of governance for its core package tools. Ruby creator Matz assumes control of RubyGems and Bundler as former maintainers agree to transfer all rights to end the dispute. #rubyonrails https://t.co/26iOO5Y0Dh

Socket threat researchers found 10 typosquatted npm packages that auto-run via postinstall, display fake CAPTCHAs, fingerprint IPs, and install a cross-platform credential stealer. Together, they’ve been downloaded ~9,900 times. Read the report →

🔥 Socket Firewall Enterprise adds: • On-prem deployment for secure environments • Configurable security and license policies • Expanded language and registry support • Telemetry and visibility across developer machines Learn more →

🚀 Socket Launch Day 5! Malicious packages are infiltrating development environments before they ever reach production. Today we're answering these threats with the release of Socket Firewall Enterprise: configurable, enterprise-grade protection for modern package ecosystems.