Join @socket.dev + @cloudflare.social in a livestream NOW discussing #SANDWORM_MODE the Shai-Hulud-Style npm Worm Hijacking CI Workflows and Poisoning AI Toolchains www.youtube.com/watch?v=OQ6w...

The @socket.dev team caught super early signals of this attack campaign leading to preemptive shutdown! proud of the team and our advanced threat detection engine! 💪 Thankful for the rapid response and takedown @npmjs.bsky.social @github.com @cloudflare.social 🙏 #shaihulud #SANDWORM_MODE

Incoming news. Stay tuned.

Really cool to see @npmjs.bsky.social featuring more security information on package pages, including a link to Socket's analysis! 🤩 Here's what you'll find when you click through → socket.dev/blog/socket-... #NodeJS #JavaScript

New Research: Malicious Chrome extension targets Meta Business Suite/Facebook Business Manager, steals TOTP 2FA seeds + codes, and exfiltrates Business Manager exports (People + analytics). Full analysis: socket.dev/blog/malicio...

🚀 Socket Launch Week Day 3: We’re launching supply chain attack campaign tracking in the Socket dashboard!

Add this episode to your podcast listening queue during the holidays. 🎧 Socket CTO @ahmadnassri.com talks through practical AI coding workflows, where AI actually helps teams today, and why the biggest shifts are being driven by economics. socket.dev/blog/enginee...

Congrats @docker.com! This is the right move for the ecosystem. In case you missed this detail: with Docker Hardened Images teams get secure application dependencies by default. @socket.dev Firewall is built in.

🚀 Big News! Docker Hardened Images are now free! We’re partnering with @docker.com to bundle Socket Firewall into supported images, adding supply chain protection during dependency installs and builds. Details → socket.dev/blog/socket-...

We’re partnering with @docker.com to make software development safer for everyone! Socket Firewall Free is now bundled into Docker Hardened Images, adding build-time and dependency-install supply chain protection for @nodejs.org, @python.org, and @rust-lang.org socket.dev/blog/socket-...

🎁 The Nightmare Before Deployment socket.dev/blog/supply-...

🎙️ Why great products don't always win: Socket CEO @feross.bsky.social breaks down a hard truth for technical founders in this conversation with Vlad Kachur on scaling a security company. Check out the full interview → socket.dev/blog/scaling... #appsec #infosec

Shai-Hulud Déjà vu! 🚨 new wave of supply chain attacks hits npm, impacting widely used packages from AsyncAPI, ENS, Postman, PostHog, and Zapier. socket.dev/blog/shai-hu...

🚀 Big news for JavaScript teams: Socket now supports Bun and vlt in beta. You no longer have to choose between innovation and security. Commit a bun.lock or vlt-lock.json and Socket gives you full supply chain protection.

Launch Week Day 3: We're announcing beta support for @bun.sh and @vlt.sh package managers in Socket! 🎉 Developers using emerging JavaScript package managers can now rely on Socket for full supply chain security, dependency graph analysis, and accurate SBOMs.

Check out Socket CTO @ahmadnassri.com at @workos.bsky.social' Enterprise Ready Conf: Ahmad joined a panel discussing how enterprise security is adapting, as AI speeds up both software development and attacks targeting developer machines. socket.dev/blog/how-ent...

nothing beats a Syrian breakfast 🤤 @ Damaski Palace maps.app.goo.gl/NWZatN3mgves...

🚀 Socket Launch Week Day 5! Malicious packages are infiltrating development environments before they ever reach production. Today we're answering these threats with the release of Socket Firewall Enterprise: configurable, enterprise-grade protection for modern package ecosystems.

1️⃣ AI models aren’t just math -- they’re code. And just like npm or PyPI, they can get hacked. Today we’re launching malware scanning for the Hugging Face ecosystem. 🤖🔍 Socket can now detect backdoors and malicious payloads inside AI models themselves. 👇 www.youtube.com/watch?v=9FQy...

for better security: I use 1password cli with direnv to dynamically load env values (ssh keys, tokens, secrets, etc ...) AWS outage -> 1password thinks it's offline -> can't run anything locally which requires secrets🥲

Recognition for Sarah! So deserved! @sarahgooding.bsky.social

Join me next week at the @workos.bsky.social Enterprise Ready Conf. will be speaking on a panel on all things security & how developers can take back control of their software supply chain. If you're attending, lchat with me & the @socket.dev team IRL! enterprise-ready.com

@bun.sh users can now install any package with confidence, knowing that @socket.dev got their back! Free from malicious packages, typosquatting, and other supply chain attacks. socket.dev/blog/socket-...

Supply chain attacks are evolving and so should your security practices. case-in-point: Beamglea - a campaign that turns npm 💔 into a phishing-as-a-service platform This isn't your typical supply chain attack. It's infrastructure weaponization. socket.dev/blog/175-mal...

Happy to share I'm getting back to my roots in open source, this time around on the side of protecting software development! If you haven't yet, you should install @socket.dev for your team!

🚨 npm phishing alert! Attackers are sending emails from spoofed [email protected] addresses linking to a typosquatted clone site (npnjs.com) to steal credentials. This attack is designed to hijack npm accounts. Careful with those email links: socket.dev/blog/npm-phi... #nodejs #JavaScript

get some perspective. 2 million people, surrounded by walls and the sea, under a 17+ year blockade. what if it was in your city? #GazaAttack #Gaza #GazaEverywhere ahmadnassri.github.io/gaza-everywh...

what's with the recent explosion of PMP certification spam on LinkedIn ????

I'm starting to document some of my fundamental learnings in this industry in writing ... took a first stab at some of it in a guesr post at Unified's blog (disclaimer: I'm an advisor) next post will be about TCO & MVP architecture needs for startups

the staggering amount of over-engineering, horrible leadership, and clueles product owners I've seen after ~3 years of being a Fractional CTO really makes me question this entire career / industry... if I had to do it all over again, I'd probably go into banking or law ...

normal 🧠: need to update a single DNS record for my domain dev 🧠: now is the right time to migrate 50+ domains from Google Domains to CloudFlare AND do a full Terraform automation pipeline on GH Actions to manage them all!

I AM HERE!