Feross
@feross
⚡️ Founder + CEO @SocketSecurity (http://socket.dev) • 🌲 Visiting lecturer @Stanford (http://cs253.stanford.edu) • ❤️ Open source @WebTorrentApp + @StandardJS
🔥 LAUNCH WEEK IS HERE! 🔥 We're dropping something new EVERY DAY ahead of BSidesSF + RSAC. Buckle up. 🚀 First out of the gate: Socket now supports .NET 🛡️ Secure your NuGet dependencies from malicious attacks, typosquatting, and dependency confusion—WITHOUT slowing down…
Check this out 🔥
Open source repositories are seeing a rash of supply-chain attacks arstechnica.com/security/2025/…
If you believe AI's growing pains are just the prelude to an unstoppable wave of progress, this podcast episode is gonna be your vibe. Listen to @feross and @a16z's Joel de la Garza discuss AI security, vibe coding, and the future of the software supply chain.
Vibe coding with LLMs is making developers faster, but also creating new attack surfaces. Socket CEO @feross talks with Joel de la Garza of @a16z about the future of AI-assisted software and supply chain security. 🎙️Check out the full episode: socket.dev/blog/ai-a16z-p…
Amazing @SocketSecurity research covered by @arstechnica and the amazing @dangoodin001
Never run `npm install` on your bare laptop. Not using devcontainers, dev VM, or some other sandbox, is now basically negligence
🚨 73 Toptal repos hijacked. 10 npm packages laced with malware to steal GitHub tokens & wipe systems (rm -rf /). ~5,000 downloads before removed by npm. ICYMI: the supply chain is under attack.
One thing that's not clearly stated but is a fact at the bottom of this story: Socket's malware detection feed is a valuable resource for compromise and threat detection. I look at it for fun sometimes and this was such a time. If you have a threat intel feed, ingest it too.
Socket did a write-up on this: socket.dev/blog/toptal-s-…
🚨 Supply chain attack alert: A threat actor gained access to @toptal’s GitHub org, making 73 repos public and injecting malicious payloads into 10+ npm packages. Full research: socket.dev/blog/toptal-s-… #NodeJS #JavaScript
‼️npm + PyPI packages delivering surveillance malware to thousands: • Keylogging • Screen capture • Webcam access 56,000+ downloads and growing. Full investigation → lnkd.in/e6VXAJdC #infosec #Python #JavaScript #CyberSecurity
Socket discovered even more npm malware today — see below
🚨 New Threat Research: We uncovered 4 malicious packages (3 on npm, 1 on PyPI) with 56,000+ downloads, all delivering surveillance malware capable of keylogging, screen capture, and webcam access. Here’s what we found: socket.dev/blog/surveilla… #NodeJS #JavaScript #Python
Wild to see but we knew this would eventually happen
Largest attack on npm maintainers taking over legitimate packages and pushing malware is ongoing. bsky.app/profile/checkm… x.com/naugtur/status… bsky.app/profile/jordan… Now is the time to use npmjs.com/package/@lavam… if you haven't already. lavamoat.github.io
1/ 🚨 Major supply chain breach just hit the JavaScript ecosystem. Attackers hijacked popular npm packages — including is (~3M downloads/week) — to silently ship remote access malware into dev environments. Here’s what happened, and how Socket caught it 🧵