🚀 We’re thrilled to announce Socket’s $40M Series B led by @AbstractVC with participation from @eladgil and @a16z!

RT @SocketSecurity: 🚨 Socket’s Threat Research Team has uncovered 60 npm packages using post-install scripts to silently exfiltrate hostnam….

🚨 Socket’s Threat Research Team has uncovered 60 npm packages using post-install scripts to silently exfiltrate hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint. The payload is identical across all 60 packages:

Microsoft just announced "TypeScript Native Previews." .🎉 The new Go-based compiler is now on npm for public testing, with 10x faster builds and a VS Code extension for early editor support. Here’s what’s new →.#JavaScript #Typescript.

RT @arstechnica: Destructive malware available in NPM repo went unnoticed for 2 years

RT @kpandya_7: 🚨 New npm malware campaign targeting:.• React.• Vue.• Vite.• Node.js.• Quill editor. Deletes files. Crashes systems. Breaks….

🚨 We uncovered a malware campaign on npm targeting devs using #React, #Vue, #Vite, #Nodejs & the Quill rich text editor. These destructive packages delete files, crash systems, and break apps in subtle, chaotic ways. Full report →.#JavaScript #infosec.

RT @SocketSecurity: ⛔ Open source maintainers are urging GitHub to let them block Copilot from submitting AI-generated issues and PRs to th….

RT @happygeek: By me @Forbes: Instagram and TikTok accounts targeted by trio of automated credential checking tools. #kudos @SocketSecurity….

⛔ Open source maintainers are urging GitHub to let them block Copilot from submitting AI-generated issues and PRs to their repos. They’re tired of AI slop wasting their time and draining limited resources.

RT @TheHackersNews: 👀 Devs, you're being hunted. 3 Python packages quietly turned stolen emails into verified TikTok & Instagram targets.….

🚨 Socket found a malicious npm plugin that backdoors Koishi chatbots, exfiltrating any message containing an 8-character hex string to a QQ account. A clear instance of supply chain threats in #chatbot frameworks:. #JavaScript #cybersecurity.

RT @SocketSecurity: 📦 Not all packages are what they seem. In our 2025 mid-year threat report, we break down the top trends in how attacker….

RT @SocketSecurity: The Node.js TSC has declined to endorse a feature bounty program, citing concerns over incentives, governance, and proj….

🚨 New threat research: Malicious #Python packages are abusing TikTok & Instagram APIs to verify stolen emails, enabling targeted account attacks and dark web credential sales.

🚨 Too many security alerts? We're fixing that. Excited to see @TheRegister cover our acquisition of Coana, an elite team building next-gen reachability analysis to cut through vulnerability noise.

The Node.js TSC has declined to endorse a feature bounty program, citing concerns over incentives, governance, and project neutrality. Full breakdown of the decision on the Socket blog →.#nodejs #javascript.

⚠️ New Node.js security release patches a high-severity bug: async cryptographic operations on untrusted input could crash your server (CVE-2025-23166). If you’re on 20.x, 22.x, 23.x, or 24.x, update now. #nodejs.

📦 Not all packages are what they seem. In our 2025 mid-year threat report, we break down the top trends in how attackers are weaponizing open source dependencies to infiltrate supply chains. →

RT @BrendanEich: @ajrgd For dependency graph aka software supply chain security, options include @SocketSecurity, from @feross and team.

Latest update from CISA on its plan to kill off RSS feeds in favor of publishing updates on X: "We have paused immediate changes while we re-assess the best approach to sharing with our stakeholders."