Kush Pandya
@kpandya_7
Security @ Socket
🚨 Malicious Go modules are nuking Linux systems—wiping entire disks beyond recovery using hidden payloads. 🧨 3 GitHub-hosted packages posed as dev tools. Once run on Linux, they downloaded a script to overwrite /dev/sda—killing the OS. At the same time, npm & PyPI malware is:…
Malicious Go modules are being used in supply chain attacks to wipe Linux systems clean.
The Socket research team discovered a supply chain attack involving obfuscated Go modules that come with devastating disk-wiping payloads. With just one line of code, these modules retrieve and run a script that zeros out storage devices, rendering data recovery impossible.
Vibe coding with LLMs is making developers faster, but also creating new attack surfaces. Socket CEO @feross talks with Joel de la Garza of @a16z about the future of AI-assisted software and supply chain security. 🎙️Check out the full episode: socket.dev/blog/ai-a16z-p…
Check this out🔥
Open source repositories are seeing a rash of supply-chain attacks arstechnica.com/security/2025/…
🚨 10 malicious npm packages, 73 repos exposed & code that steals your GitHub token then wipes your machine. 🤯 I analyzed a supply-chain attack on Toptal’s GitHub org. Here’s what happened: socket.dev/blog/toptal-s-… #cybersecurity #SupplyChainSecurity
‼️npm + PyPI packages delivering surveillance malware to thousands: • Keylogging • Screen capture • Webcam access 56,000+ downloads and growing. Full investigation → lnkd.in/e6VXAJdC #infosec #Python #JavaScript #CyberSecurity
🚨 Active supply chain attack on #npm: Multiple Prettier tooling packages were compromised through the phishing campaign we published about just hours ago. Watch out for more compromised accounts and malicious packages. Follow-up post: socket.dev/blog/npm-phish… #nodejs
A fake ‘passlib’ package on PyPI shuts down Windows when you mistype a password. Typosquatting + sabotage in the Python ecosystem. Full analysis → socket.dev/blog/malicious… #Python #infosec #OpenSourceSecurity #CyberSecurity
🚨 The Socket Research Team has spotted a malicious #Python package typosquatting the popular 'passlib' library on PyPI: It shuts down Windows systems when users enter incorrect passwords. Details & IOCs: socket.dev/blog/malicious…
⚡️From fake Apple alerts to Wikipedia XSS abuse — malicious browser extensions are evolving fast. Socket's new research breaks down how scammers are hijacking browsers for money, reach, and data. Read → socket.dev/blog/the-growi…
🚨 New Socket research on malicious browser extensions: 🔹 Fake Apple popups (tech support scams) 🔹 Wikipedia redirects with XSS risks 🔹 Extensions faking likes & views Our investigation into threats undermining browser security → socket.dev/blog/the-growi…
Malicious npm packages posing as legitimate application utilities create destructive backdoor endpoints that enable remote deletion of app directories, reported @SocketSecurity. #cybersecurity #infosec #ITsecurity bit.ly/43XOOdr
🚨 Supply chain attacks hit npm & PyPI: malware in 1M+ downloads steals data, runs commands, and wipes files. A PyPI package steals Instagram creds, spreading them to botnets. Check your dependencies NOW. Full details ↓ thehackernews.com/2025/06/new-su…
Not all backdoors come through the front :) Two npm packages include a secret kill switch — triggered via POST request to wipe your code. Stealthy, destructive, and published in plain sight. Details → lnkd.in/e_wvpcax #CyberSecurity #JavaScript #npm
🧨 Socket’s Threat Research team uncovered two npm packages disguised as utilities, which came with a hidden kill switch. Add them to your app, and a secret POST request can delete everything. Read the investigation: socket.dev/blog/destructi… #JavaScript #NodeJS
☠️A PyPI package posing as an Instagram booster steals your credentials and sends them to bot networks. Social engineering + supply chain threat. Full report → lnkd.in/eKyQzPtg #Python #infosec #OpenSourceSecurity #CyberSecurity
🚨 Think twice before chasing Instagram growth hacks. Socket researchers uncovered a PyPI package disguised as an #Instagram followers booster that harvests user credentials and sends them to bot services. Full investigation → socket.dev/blog/pypi-pack… #Python
🚨Typosquatted npm package + remote trigger = total codebase wipe. Just one mistyped install, and your project’s gone. Triggered by “remise à zéro” — reset. Details → socket.dev/blog/npm-packa… #npm #CyberSecurity #infosec
🚨 New npm malware campaign targeting: • React • Vue • Vite • Node.js • Quill editor Deletes files. Crashes systems. Breaks apps silently. #JavaScript #infosec #CyberSecurity #npm
🚨 We uncovered a malware campaign on npm targeting devs using #React, #Vue, #Vite, #Nodejs & the Quill rich text editor. These destructive packages delete files, crash systems, and break apps in subtle, chaotic ways. Full report → socket.dev/blog/malicious… #JavaScript #infosec
Malicious npm packages targeting crypto traders: • Steal wallet keys & #BullX credentials • Exfiltrate via Telegram • Use minimal wrapper to launch the payload Full analysis: lnkd.in/eQWirmTd #JavaScript #CyberSecurity #ThreatIntel #npm
🚨 Socket researchers discovered an npm package targeting #crypto traders. It hunts for wallet keys & #BullX credentials, then exfiltrates them via Telegram. A second package serves as a minimal wrapper to execute the payload. Full report → socket.dev/blog/malicious… #JavaScript
We just bought a company. Why? Because vulnerability scanning is fundamentally broken. And I’m tired of pretending it’s fine. We acquired Coana, the best reachability analysis engine on the planet. The whole vuln industry is addicted to quantity over quality. More alerts, more…
🚨 Malware Alert for Developers! 3 npm packages are mimicking a popular Telegram bot library—but secretly install SSH backdoors & exfiltrate your data. They replicate the look of node-telegram-bot-api (100K+ weekly users), use starjacking to fake credibility, and target Linux…
Last week, Socket researchers discovered malicious npm packages deploying backdoors through fake Telegram bot libraries and payment integrations - details in the thread below.
Pumped and super excited for this! 🔥
🚀 Big news! Socket is acquiring Coana, bringing best-in-class reachability analysis to modern SCA! Coana's technology reduces false positives by up to 80%, letting teams focus on vulnerabilities that actually matter. #AppSec 1/4