We started Socket with a simple but audacious goal: to safeguard the open source ecosystem for everyone. Today, that dream is a bit brighter—literally! Our logo is lighting up Times Square! Every great company is a conspiracy to change the world. Thank you to our many co-conspirators — our early customers, founding employees, investors, mentors, and the open source and security communities — we wouldn't be here without your support. We're just getting started.
Socket
Computer and Network Security
Socket is the #1 software supply chain security platform. Next-gen SCA + SBOM + 0-day prevention. LOVED BY DEVELOPERS.
About us
- Website: https://socket.dev
- Industry: Computer and Network Security
- Company size: 11-50 employees
- Headquarters: San Francisco
- Type: Privately Held
- Founded: 2020
- Specialties: Software, Security, Software supply chain, Open source software, Application Security, Cybersecurity, and Software Composition Analysis (SCA)
Locations
- Primary: San Francisco, US
Updates
- 🚨 Socket’s threat research team has discovered a malicious npm package posing as a tool for detecting vulnerabilities in #Ethereum smart contracts. Instead, it deploys Quasar RAT, a versatile remote access trojan, onto developers’ machines. https://lnkd.in/ePkGVQjw #Crypto
- 🚨 Rspack has been hit with a supply chain attack that injected cryptojacking malware into two Rspack npm packages. Versions 1.1.7 of both the core and CLI packages are affected. They were released by an attacker who gained unauthorized npm publishing access. Rspack was launched in 2023 as a drop-in replacement for webpack. In a relatively short time, the tool has managed to gain adoption at many large companies, including Microsoft, Amazon, Discord, and Alibaba. The Rspack core package is downloaded approximately 370K times per week and the CLI package has nearly 135K weekly downloads. This supply chain attack has the potential to impact thousands of developers at numerous high-profile enterprises. https://lnkd.in/eWi-QHVA #JavaScript
  Supply Chain Attack on Rspack npm Packages Injects Cryptojac... (socket.dev)
- Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data. They're targeting developers through fake Windows utilities and malicious Solara development packages. https://lnkd.in/eg6WUz8X #JavaScript
- There are some interesting shifts happening around efforts to fund #OSS maintainers - Sonar is acquiring Tidelift to scale their efforts, and Open Source Collective launched Ecosystem Funds in collaboration with ecosyste.ms to fund open source software, including the often-overlooked deep dependencies, by distributing resources across a broader range of projects within each ecosystem. https://lnkd.in/eEFScPen
  Sonar to Acquire Tidelift, Scaling Open Source Maintainer Su... (socket.dev)
- A fascinating Reddit AMA is happening right now with ransomware negotiators, offering a rare glimpse into how modern #ransomware operations really work. https://lnkd.in/exN56WY8 #cybersecurity
  Inside the Business of Ransomware: Insights from Reddit AMA ... (socket.dev)
- PyPI confirms no security flaws were exploited in the Ultralytics supply chain attack and the team is working on two new efforts to nudge developers towards more secure publishing configurations. https://lnkd.in/gayiQFkg #Python Python Software Foundation
  PyPI on Ultralytics Breach: Poor CI/CD Practices to Blame, N... (socket.dev)
- 🚨 Socket researchers discovered a wrapper package on #npm that uses obfuscation to harvest credentials and exfiltrate sensitive data. This threat actor is a repeat publisher of malicious packages, which have accumulated over 10K downloads in the past year. https://lnkd.in/eiRRy2uH #JavaScript
  Data Theft Repackaged: A Case Study in Malicious Wrapper Pac... (socket.dev)
- Another typosquatting attack on npm - this time targeting developers attempting to install the popular #TypeScript ESLint plugin. The malicious package compromised development environments, exfiltrated data, and enabled real-time exploitation. https://lnkd.in/gEjZDPsX #JavaScript
  Malicious npm Package Typosquats Popular TypeScript ESLint P... (socket.dev)
- The Ultralytics #PyPI package was compromised 4 times in one weekend through GitHub Actions cache poisoning and failure to rotate compromised API tokens. This attack shows the limitation of attestation in scenarios where build artifacts can be tampered with through cache poisoning. https://lnkd.in/eiZDNm-x #Python #Cybersecurity
  Ultralytics PyPI Package Compromised Through GitHub Actions ... (socket.dev)