Erika N Tharp (サープ恵里花)

1.6K posts

@etharp5

Sales Engineer @SocketSecurity | ex-Founding Engineer @momentohq 🐵 Big fan of my son 🐯

Seattle · Joined September 2022
530 Following · 389 Followers
Pinned Tweet
Erika N Tharp (サープ恵里花)
I joined @SocketSecurity as Sales Engineer, Commercial! Excited to deep dive into software supply chain security and discussions with customers 🎉 I've joined Socket as a Sales Engineer! I'm looking forward to talking with customers through technology again 😊
Erika N Tharp (サープ恵里花) retweeted
Feross @feross
🚨 TeamPCP Compromises Telnyx Python SDK to Deliver Credential-Stealing Malware

What happened: Versions 4.87.1 and 4.87.2 of the telnyx Python SDK on PyPI were compromised by TeamPCP with credential-stealing malware. PyPI has quarantined both versions. Users should pin to 4.87.0.

How it works: Three-stage attack chain. Malicious code injected into _client.py (the core HTTP client), so it fires at import telnyx – not via postinstall hooks, which are heavily monitored. Dual OS-specific paths: Windows gets a persistent binary dropped in the Startup folder disguised as msbuild.exe; Linux/macOS gets a one-shot fileless harvester that exfiltrates credentials and self-destructs.

Notable tradecraft:
- Audio steganography for payload delivery – second-stage harvester hidden in WAV files downloaded from C2, extracted via base64 + XOR
- Fileless execution on Linux – harvester runs via stdin pipe to a child Python process, never touches disk
- Hybrid encryption on exfil – AES-256-CBC with RSA-4096 wrapped session keys using OAEP padding. Data is unrecoverable without the attacker’s private key
- No new dependencies added – uses only stdlib modules and system openssl/curl

Operational details: The attacker shipped a bugfix release (4.87.2) solely to fix a case-sensitivity typo that broke the Windows path. This confirms sustained access to publishing credentials and an active testing pipeline. Neither malicious version has corresponding commits in the official GitHub repo.

C2: 83.142.209.203:8080, plain HTTP, telephony-themed filenames (ringtone.wav, hangup.wav).

Action items: Rotate all credentials from any environment that imported these versions. Block the C2 IP. Check Windows Startup folders. Purge from internal mirrors.
Socket @SocketSecurity

🚨 TeamPCP compromised the Telnyx #Python SDK on PyPI. Malicious versions 4.87.1 and 4.87.2 steal credentials. Full analysis → socket.dev/blog/telnyx-py…

Erika N Tharp (サープ恵里花) retweeted
Socket @SocketSecurity
TeamPCP has partnered with ransomware group Vect after exfiltrating ~300GB of credentials from CI/CD environments, targeting open source supply chains. “We will chain these compromises into devastating follow-on ransomware campaigns.” Details → socket.dev/blog/teampcp-p…
Erika N Tharp (サープ恵里花) retweeted
Feross @feross
When the CEO of a $600M+ ARR public company calls out your startup directly, your team and customers deserve a response.

@JFrog's CEO published a post today calling @SocketSecurity a "fragile, commercialized illusion of security" that "wraps open source scanners." This isn't the kind of discourse that makes our industry better. But since he named us, here are the facts.

The attack he references -- the Trivy/Aqua supply chain compromise -- is one Socket helped expose. Our threat research team independently identified the OpenVSX extension attack on March 2, the 75+ compromised GitHub Actions tags on March 19, and the poisoned Docker Hub images on March 22. He's citing our work to make his case against us.

On the core question -- who's actually finding supply chain threats -- the public record is clear. JFrog's research page lists ~5,000 findings across their entire 18-year history as a company. Socket discovers ~10,000 malicious packages *per week*. We've identified ~250,000 unique supply chain attacks. These numbers are all public.

We publish our research, our detections, and our threat data publicly. Anyone can evaluate the work. We report our findings to the registries, where they end up protecting JFrog's own customers through OpenSSF.

Scanners find known CVEs. Socket finds attackers. Those are different problems, and conflating them is either a mistake or a choice.

JFrog's SEC filings show security is 7% of their FY2025 revenue. 93% of their customers aren't buying their storytelling either.

Back to building.
Erika N Tharp (サープ恵里花) retweeted
Ahmad Nassri @AhmadNassri
These tools are secret + infrastructure + code security scanners by design and used in critical enterprise workflows. If compromised, they risk exposing production environments' secrets with a direct view into where the weak points are. socket.dev/blog/teampcp-t…
Erika N Tharp (サープ恵里花) retweeted
Socket @SocketSecurity
AI agents are writing up to 90% of new production code. What does that mean for open source security? Socket CEO @feross joined the @riskybusiness podcast to break down this seismic shift and the growing risk to the software supply chain. Full Episode → socket.dev/blog/risky-biz…
Yoichi Kawasaki @yokawasa
Heading off on a quick business trip, HND→SFO 🛫
Erika N Tharp (サープ恵里花) retweeted
Socket @SocketSecurity
🚨 Active supply chain attack New Shai-Hulud–like npm worm (19+ packages, 2 aliases) stealing dev/CI secrets, injecting GitHub workflows, poisoning AI toolchains, and harvesting LLM API keys. Details → socket.dev/blog/sandworm-… #NodeJS #JavaScript
Erika N Tharp (サープ恵里花) retweeted
Feross @feross
BIG NEWS: @SocketSecurity is now scanning AI agent skills across multiple languages and ecosystems, detecting malicious behavior before developers install, starting with 60,000+ skills. socket.dev/blog/socket-br…
Erika N Tharp (サープ恵里花) retweeted
Socket @SocketSecurity
Really cool to see @npmjs featuring more security information on package pages, including a link to Socket's analysis! 🤩 Here's what you'll find when you click through → socket.dev/blog/socket-se… #NodeJS #JavaScript
Erika N Tharp (サープ恵里花) retweeted
がっきー @keitah0322
I posted an article! 10 security settings you must implement when running Kubernetes in production on #Qiita qiita.com/keitah/items/c…
Erika N Tharp (サープ恵里花)
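I've been told before that I resemble Nodame from Nodame Cantabile (probably in personality), but this is the first time I've been told I look like this person.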
Erika N Tharp (サープ恵里花) retweeted
成田 修造 / Shuzo Narita @shuzonarita
A spacing-out competition, that's amazing lol. Whoever thought of it is a genius.
ちょまど🦕ITエンジニア(育休明け)
@etharp5 Thank you so much 😭😭 I would be very happy if you could spare some time to talk (over tea) sometime 🙇 Thank you! Thank you!
Erika N Tharp (サープ恵里花) retweeted
Isao Shimizu @isaoshimizu
It's today! It's on YouTube Live! Please join us. Spring SRE Festival: Case Studies in Battling the "Usual Problems" of Large-Scale Services mixi.connpass.com/event/347532/ #春のSREまつり
Erika N Tharp (サープ恵里花)
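As of today, I've joined the @CSC_JP US team as Head of GTM (go-to-market)! It's a new challenge, but I'm 100% excited.
Erika N Tharp (サープ恵里花) @etharp5

On a personal note, last Friday was my last day at @momentohq. At Momento I was given truly valuable experiences and we grew together. I am deeply grateful for the support and guidance of @ksshams and @dymxzvf. It was a great joy to work with such talented members, and the experiences and memories with the people I met through Momento are lifelong treasures. Thank you so much! From now on I will be contributing as an advisor. My next adventure will begin soon, so I hope to share an update then 🐿️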

Hiroko Nishimura @hirokonishimura
Getting better at making carrot fries (French fries according to the toddler) 🍟
Erika N Tharp (サープ恵里花)
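@kzk_maeda MCP, which I've been seeing a lot lately. I think I'd understand it if I got hands-on, but are there any reading materials you'd recommend, Maeda-san? I've read various things but somehow it doesn't click.. Would the benefits of MCP be easier to understand if I understood how LLMs connected to other sources before MCP?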
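kzk_maeda @kzk_maeda
If we could enable an MCP Server that behaves as a guardrail for MCP Servers, we could safely roll out MCP-based operations within the organization. But in the end, which MCP gets used is decided by the MCP Client's agent, and there are no particular layers, so it can be bypassed entirely.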