Rust is moving toward a formal LLM contribution policy after months of heated internal debate, driven by a wave of low-effort "slop PRs" straining maintainers. The proposal bans LLM authorship but allows private use. socket.dev/blog/rust-mo...

🚨 Active supply chain attack: A mini Shai-Hulud campaign hit npm packages under the @​redhat-cloud-services namespace. The compromised packages execute install-time malware to harvest developer and CI/CD secrets, with encrypted exfiltration and GitHub-based fallback. socket.dev/blog/mini-sh...

Open source maintainers were already overloaded. AI-driven vulnerability discovery is about to send a lot more findings their way. @feross.bsky.social on TBPN 👇 socket.dev/blog/feross-...

🚨 BREAKING: Active supply chain attack across npm, PyPI, and Crates.​io. Socket detected TrapDoor, a crypto stealer campaign hitting 34 malicious packages and 384 versions and artifacts, with attackers repeatedly pushing new releases across ecosystems. socket.dev/blog/trapdoo...

"AI is now driving both the production and consumption of open source software. AI-generated music ends in human ears, and AI-generated images mostly benefit humans, but AI-generated software is an ouroboros (a snake eating its own tail) which is just getting started." - @staltz.com

"To every maintainer and developer working in open source: we see what you're up against, we're with you, and we're going to keep working to defend it." 🥹💜

🚨 BREAKING: Socket is investigating an active npm supply chain attack compromising hundreds of packages in the @​antv ecosystem. The malicious publish wave appears tied to Mini Shai-Hulud and packages connected to the npm maintainer account atool.

🚨 Socket detected malicious activity in newly published versions of node-ipc, an npm package with 822K weekly downloads. Affected versions: [email protected] [email protected] [email protected] Socket’s AI scanner flagged the malware within ~3 minutes of publication.

🐘 @packagist.com is urging #PHP projects to update Composer after a GitHub token format change caused some GitHub Actions tokens to be exposed in CI logs. GitHub has rolled back the token change for now, but affected projects still need to update Composer. socket.dev/blog/packagi...

Was a good morning to roll out our @socket.dev firewall integration which had these packages blocked in ~6min from publish.

🚨 UPDATE: Mini Shai-Hulud has crossed from @npmjs.bsky.social into @pypi.org and is still spreading. Newly confirmed compromised artifacts: @​opensearch-project/opensearch: 3.5.3, 3.6.2, 3.7.0, 3.8.0 (1.3M weekly downloads) mistralai: 2.4.6 on PyPI guardrails-ai: 0.10.1 on PyPI

84 TanStack npm package artifacts were compromised in the ongoing Mini Shai-Hulud supply chain attack, adding suspected CI credential-stealing malware. Socket flagged every malicious version within six minutes of publication. Details: socket.dev/blog/tanstac...

A maintainer access dispute in fsnotify, a Go library used by 321k projects for cross-platform file notifications, raised supply chain concerns this week after contributors were removed from the GitHub org and a deleted X post fueled takeover speculation. socket.dev/blog/fsnotif... #golang

🔺 Socket is releasing free Certified Patches for a critical sandbox escape vulnerability in vm2. The advisory flags only vm2 3.10.4 on Node 25, but we found it affects all versions before 3.10.5 on Node.js runtimes with WebAssembly.JSTag, including Node.js 24.x. socket.dev/blog/free-ce...

🧊 Big release for #JavaScript supply chain security: @pnpm.io 11 now defaults to a 1-day Minimum Release Age, blocks exotic subdependencies, and adds a new Allow Builds model. A strong step toward reducing exposure to fast-moving npm attacks → socket.dev/blog/pnpm-11... #nodejs

🚨 Active supply chain attacks on both PyPI and npm today. lightning 2.6.2/2.6.3 and intercom-client 7.0.4 are compromised with credential-stealing malware. Same attacker, same tooling, two ecosystems. Downgrade immediately.

Thanks to @jessicalyons.bsky.social for bringing more attention to this story. OSS security tools are getting hammered right now, and this piece captures why these incidents matter beyond any one vendor compromise.

We’re so thrilled to have @johntuckner.me join the team! He’s already been doing outstanding work on extension security, and we’re excited to move faster and build more with him at Socket. 💜

We’re tracking 73 Open VSX sleeper extensions tied to the GlassWorm campaign, with at least 6 already activated to deliver malware. These cloned extensions initially appear benign, then later become malware delivery vehicles through normal updates. socket.dev/blog/73-open...

Exciting to see the fake stars research from CMU, NCSU, and Socket engineers featured on @awesomeagents.bsky.social! This is the origin of our "Suspicious Stars on GitHub" supply chain alert for packages that are associated with these repos. More info here: ⭐️ socket.dev/blog/3-7-mil...

🔺 We updated our technical analysis for the Bitwarden compromise. Third supply chain compromise in 3 days: a security scanner, an AI agent CLI, and a password manager CLI. Attackers are hammering tools with privileged access to infrastructure, so keep your eyes open this week. This is life now.

Heads up! Bitwarden CLI 2026.4.0 was compromised as part of the ongoing Checkmarx supply chain campaign after attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline. We’ll continue updating our coverage as more details are confirmed. socket.dev/blog/bitward...

PSA: "Organizations that used the affected image to scan Terraform, CloudFormation, or Kubernetes configurations should consider any secrets or credentials exposed to those scans potentially at risk."

🚨 Breaking: Namastex Labs, the team behind Automagik[.]dev, hit with a supply chain attack affecting its npm packages. The malicious versions replicate TeamPCP-style Canister Worm tradecraft, including secret theft, exfiltration, and self-propagation. socket.dev/blog/namaste...

🚀 Day 2 of Socket Launch Week: Introducing Reports! Reports is a new page in the Socket dashboard for chart-based views of vulnerabilities, dependencies, and usage, built to make that data easier to share across reviews, presentations, and recurring reporting workflows.

🚀 We’re kicking off another Launch Week at Socket, with something new to share every day this week! First up: Socket for Jira is now available! This new integration lets teams turn alerts into Jira tickets with manual creation, automated ticketing rules, and two-way sync.

❗️NIST is officially giving up on enriching most CVEs. Only KEV, federal software, & EO 14028 critical software will get CVSS scores and CPE data. Everything else gets labeled "Not Scheduled." What happens when AI-driven discovery meets a shrinking NVD → socket.dev/blog/nist-of...

Nobody reads the code before installing it. That’s always been the reality of open source security, but now AI is massively increasing the amount of code being written and shipped. @feross.bsky.social breaks it down in 10 minutes on @rohdeali.bsky.social's podcast: www.youtube.com/shorts/euRDj...

🔥 Let's gooooo! More firepower for defending open source.

Headless websites are usually a mistake. Sold as flexible and fast. Delivered as complex and slow. Most teams end up rebuilding what the web already does, just worse. This isn’t progress. It’s engineering vanity. www.jonoalderson.com/conjecture/h...

Big thanks to the team at @darkreading.bsky.social for helping bring attention to this coordinated social engineering campaign:

📖 This article by @sarahgooding.bsky.social at @socket.dev highlights a concerning trend (ref. socket.dev/blog/attacke...) 📕 Story time: this kind of supply chain targeting isn't unique. I myself & everyone on our team @vlt.sh have been the targets of consistent, concerted efforts.

It's absolutely unbelievable the levels of social engineering maintainers have to be alert to these days. Hopefully the general media pick up on @sarahgooding.bsky.social's story to raise awareness more widely. #npm #nodejs #security

Wanted to warn the #NodeJS community: This campaign is active. Thank you to the maintainers who shared their stories - some of these came frighteningly close. One got all the way to the fake meeting before walking away. The more we talk about this, the harder it is for these attacks to succeed.

Most critical OSS projects don’t have independent security budgets, so it's not unusual that even something as central as @nodejs.org depended on pooled funding models like the IBB. If open source consumers want these kinds of security incentives to exist, they need to step up to fund them.

We’re seeing cases where teams can’t explain how they were compromised by the Axios incident because it doesn’t show up in their project's lockfile. The blast radius here is much larger than it looks. Deep dive into the messy reality of modern dependency resolution → socket.dev/blog/hidden-...

The axios compromise blast radius is much much much bigger than people seem to suspect. The secret: transitive dependencies with open ranges making it extremely obscure and difficult to detect whether you were affected, after the fact.

🚨 Active supply chain attack on [email protected]. The latest version pulls in [email protected] -- a brand-new package that didn't exist before today. We're still investigating. If you use axios, pin your version and audit your lockfile. socket.dev/blog/axios-n...

"Open source dependencies should be treated as part of the security perimeter, the systems you are responsible for securing, even if you don’t control them." - @rginn206.bsky.social

🚨 TeamPCP compromised the Telnyx #Python SDK on PyPI. Malicious versions 4.87.1 and 4.87.2 steal credentials. Full analysis → socket.dev/blog/telnyx-...

I'm following these developments closely because I care about OSS and the maintainers behind it. Many are under-resourced to handle this level of coordinated attack. Access from recent compromises is now being operationalized for follow-on ransomware attacks. It's a bad situation. Stay vigilant. 💜

📌 If you've been tagged in one of these discussions, don’t follow the link. It’s not just spam. There’s routing and browser fingerprinting happening before anything else is served, as a first step before a follow-on payload.

🔺 Update: There are emerging claims of mass credential exfiltration: reports from @intcyberdigest.bsky.social and @vxundergroundre.bsky.social cite ~300GB of credentials exfiltrated and ~500,000 stolen via the LiteLLM compromise alone. Our post has been updated with the latest details:

TeamPCP: "These companies were built to protect your supply chains yet they can't even protect their own, the state of modern security research is a joke, as a result we're gonna be around for a long time stealing terrabytes of trade secrets with our new partners."

🎉 #TypeScript 6.0 landed today with new standard APIs, stricter defaults, and deprecations ahead of 7.0’s Go-based compiler. Quick breakdown → socket.dev/blog/typescr... #JavaScript

If you’re pulling Trivy images from Docker Hub right now, be advised that the latest images are compromised. cc: @campuscodi.risky.biz @thehackernews.bsky.social @zackwhittaker.com @bleepingcomputer.com

Update: CanisterWorm has expanded to 135 malicious artifacts across 64+ npm packages. New activity is slowing, likely due to npm intervention. Wiz attributes the campaign to “TeamPCP,” previously linked to the Trivy supply chain attacks. Campaign tracking: socket.dev/supply-chain...

🚨 Another supply chain attack: Attackers republished 29 legitimate npm packages with a backdoor using compromised publisher access, enabling further propagation via stolen tokens and payload delivery through an ICP canister. Details: socket.dev/blog/caniste... #NodeJS

🚨 Trivy update: maintainers confirm this attack used a compromised credential carried over from the breach in early March. We’ve updated our analysis with full details on how 75 GitHub Action tags were poisoned and used to exfiltrate secrets during CI runs. socket.dev/blog/trivy-u...

FYI if you're using Trivy in CI right now: 75 of 76 tags on the official GitHub Action were force-pushed to serve malware. Affects 10K+ workflows. If you're not on v0.35.0, assume compromise. cc: @campuscodi.risky.biz @thehackernews.bsky.social @zackwhittaker.com @bleepingcomputer.com