Socket

2.7K posts


@SocketSecurity

Socket is the #1 software supply chain security platform. Next-gen SCA + SBOM + 0-day prevention. LOVED BY DEVELOPERS. 👀 @npm_malware

https://socket.dev/careers Joined November 2021
4.6K Following 5.3K Followers
Pinned Tweet
Socket @SocketSecurity
🚀 We’re thrilled to announce Socket’s $40M Series B led by @AbstractVC with participation from @eladgil and @a16z!
Socket reposted
Sarah Gooding @sarahgooding
FYI if you're using Trivy in CI right now: 75 of 76 tags on the official GitHub Action were force-pushed to serve malware. Affects 10K+ workflows. If you're not on v0.35.0, assume compromise.
Socket @SocketSecurity

🚨 Trivy is under attack again. Attackers force-pushed 75 of 76 tags in aquasecurity/trivy-action, impacting 10K+ workflows and turning trusted GitHub Actions into malware. Any version ≠ v0.35.0 may execute an infostealer in CI. Analysis forthcoming: socket.dev/blog/trivy-und…

Socket @SocketSecurity
🚨 Trivy is under attack again. Attackers force-pushed 75 of 76 tags in aquasecurity/trivy-action, impacting 10K+ workflows and turning trusted GitHub Actions into malware. Any version ≠ v0.35.0 may execute an infostealer in CI. Analysis forthcoming: socket.dev/blog/trivy-und…
Socket @SocketSecurity
In less than 6 months, companies shipping software in Europe face the first Cyber Resilience Act deadline. @enisa_eu's latest advisory on secure package manager use spells out expectations for SBOMs, dependency monitoring, and vulnerability reporting. socket.dev/blog/enisa-tec…
Socket reposted
Sarah Gooding @sarahgooding
🪱 Major update to GlassWorm activity on Open VSX: The campaign is now following this pattern: plant sleeper extensions → wire them together via extension packs → activate later → pull payloads from GitHub
Socket @SocketSecurity

🚨 GlassWorm sleeper extensions are now activating on Open VSX. - 20+ new malicious extensions and ~20 sleepers. - Some later weaponized to deliver malware via extension updates. Latest shift: GitHub-hosted VSIX payloads bypass registry takedowns. socket.dev/blog/glassworm…

Socket @SocketSecurity
🚨 GlassWorm sleeper extensions are now activating on Open VSX. - 20+ new malicious extensions and ~20 sleepers. - Some later weaponized to deliver malware via extension updates. Latest shift: GitHub-hosted VSIX payloads bypass registry takedowns. socket.dev/blog/glassworm…
Socket reposted
Rob Palmer @robpalmer2
JavaScript Weekly newsletter is out - and it's about time 😉 (link below)
Socket reposted
Dark Reading @DarkReading
GlassWorm Malware Evolves to Hide in Dependencies: bit.ly/4uzmXMT by Alexander Culafi
Socket reposted
Ahmad Nassri @AhmadNassri
🚨 VSCode & OpenVSX users take note: The "GlassWorm" campaign has evolved to weaponize the very structure of your IDE Extensions. @SocketSecurity just uncovered over 73 new malicious extensions. Read the full technical breakdown + IOCs on our blog socket.dev/blog/open-vsx-…
Socket @SocketSecurity
🚨 Update: Over the weekend we’ve identified 20+ additional malicious extensions tied to this campaign. We are currently monitoring another ~20 "sleeper" extensions that appear related but have not yet delivered the loader.
Socket @SocketSecurity

🚨 New Research: We found 73 malicious Open VSX extensions tied to the GlassWorm campaign. Attackers are now spreading the malware transitively by abusing VS Code extension packs and dependencies. Details → socket.dev/blog/open-vsx-… #openvsx #vscode

Socket @SocketSecurity
🎉 Big news for #JavaScript developers: After nearly 9 years of work, the Temporal date-time API has reached Stage 4 at @TC39. It will ship as part of ECMAScript 2026 alongside several other proposals advanced at the latest meeting. Learn more → socket.dev/blog/tc39-adva…
Socket @SocketSecurity
🚨 New Research: We found 73 malicious Open VSX extensions tied to the GlassWorm campaign. Attackers are now spreading the malware transitively by abusing VS Code extension packs and dependencies. Details → socket.dev/blog/open-vsx-… #openvsx #vscode
Socket @SocketSecurity
6 malicious Packagist packages posing as OphimCMS themes ship trojanized jQuery that exfiltrates URLs, injects ads, and hijacks clicks. The payload connects to FUNNULL infrastructure, a provider sanctioned by the @USTreasury for facilitating crypto scams. socket.dev/blog/6-malicio…
Socket @SocketSecurity
@marcba Amazing work! 🤩
Marc Backes @marcba
Son of a bitch, it worked! 🥳 - Bun backend with Vue-powered reactivity - Controlling a synchronized routine 1000 phone screens - Sync corrected for system time offset with NTP It worked better than I would have ever imagined. Thanks for everything supporting me on this talk ❤️
Socket reposted
Sarah Gooding @sarahgooding
This is basically like Mastodon for vulnerability records, except data actually propagates across the whole network instead of staying siloed. Federated vulnerability intelligence, along with legacy CVEs, all map into a shared global index with no single point of failure.
Socket @SocketSecurity

🪲 @CIRCL_LU's GCVE initiative launched its decentralized publishing ecosystem today alongside Vulnerability-Lookup 4.1.0. Any CNA, CSIRT, or vendor with a disclosure policy can now publish vulnerability data without routing through a central authority. socket.dev/blog/gcve-laun…

Socket @SocketSecurity
🪲 @CIRCL_LU's GCVE initiative launched its decentralized publishing ecosystem today alongside Vulnerability-Lookup 4.1.0. Any CNA, CSIRT, or vendor with a disclosure policy can now publish vulnerability data without routing through a central authority. socket.dev/blog/gcve-laun…
Socket @SocketSecurity
Node.js is moving to annual major releases starting with Node 27. The change ends the long-standing odd/even version model. Here’s what drove the decision and how the new schedule will work. → socket.dev/blog/node-js-m… #nodejs
Socket reposted
Feross @feross
🦀 5 malicious Rust crates posed as time utilities and attempted to exfiltrate .env secrets from developer environments. Our research uncovered a coordinated campaign using lookalike infrastructure to steal credentials. Read the analysis → socket.dev/blog/5-malicio…