Socket @SocketSecurity
Socket helps developers use open source software and stay secure. Next-gen SCA and supply chain security. socket.dev node_modules/ Joined November 2021
1K Tweets | 4K Followers | 5K Following | 1K Likes
🚀 We're excited to introduce support for Single Sign-On (SSO) for our customers, supporting 20+ identity providers. socket.dev/blog/introduci…
Tea[.]xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries. socket.dev/blog/tea-xyz-s…
Researchers claim to have created a GPT-4 agent that can autonomously exploit web vulnerabilities in real-world systems with an 87% success rate. We're not too far away from seeing fully autonomous exploits. socket.dev/blog/the-ai-ad…
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion. socket.dev/blog/unitedhea…
GitHub is susceptible to a CDN flaw that allows attackers to host malware in the file storage for any public repository. socket.dev/blog/how-threa…
Thank you to @SocketSecurity for sponsoring our Presenter Appreciation Gifts for BSidesSF 2024! bsidessf.org/sponsors #bsidessf #bsidessf2024 #infosec
There's still time to sign up for our webinar tomorrow! We're unpacking the xz-utils supply chain attack. We'll show you how this nightmare security incident unfolded and how you can secure your open source dependencies. Register for free: events.zoom.us/ev/ArQ1SnX063V…
Please join us for our next free webinar! We're unpacking the xz-utils supply chain attack on April 23rd. Learn how this nightmare security incident unfolded and how you can secure your open source dependencies from these types of attacks. Register now: events.zoom.us/ev/ArQ1SnX063V…
What does a software supply chain attack look like? Check out @feross' talk at @NodeCongress on the Dark Side of Open Source. If you enjoy digging into examples of malicious code, this is a fun video! socket.dev/blog/the-dark-…
🚨 A Socket investigation has uncovered an npm package for a React components library that exfiltrates sensitive developer information, including your operating system username, Git username, and Git email. socket.dev/blog/npm-packa… #reactjs #extjs
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation. The ecosystem is living on borrowed time until the next incident, which may already be in progress. socket.dev/blog/openjs-xz…
"I am seriously wondering how not every dev laptop is compromised these days" There’s likely way more backdoors than we realize. It’s not like the people (or state actor) behind xz-utils did nothing else for those ~2 years. They almost certainly infiltrated other projects.
Seeing a lot of stuff about JSON today! socket.dev/blog/judicious… still covers a lot of the nuance here and other things that people might recognize when already writing JSON. Defining which specific JSON scenarios are sanitized (and by what) might help clarify discussion today.…
Who is going to be at @RSAConference and @BSidesSF in May? We can’t wait to meet you! Join us at one of our events for good food, drinks, and chill times connecting with new people in the security industry: socket.dev/blog/connect-w…
In our most recent episode of Coffee with Developers we sat down with web security expert and Socket CEO, Feross Aboukhadijeh (@feross), to discuss the recent xz backdoor incident that rocked the open source world. Watch below 👇
This is not the official package. All official packages start with @Shopify/** and this was community created. Also another reason to not blindly install npm packages just because it's easy
I'm hosting a webinar on the xz-utils supply chain attack, and I'm going to show you how this nightmare security incident unfolded. Learn about the risks of open source supply chains and how to secure your code. Register now: events.zoom.us/ev/ArQ1SnX063V…
Accounts listed on the page:
Matteo Collina @matteocollina (42K followers, 3K following): @platformatic Co-Founder & CTO, @nodejs TSC member, Lead maintainer @fastifyjs, Board @OpenJSF, Conference Speaker, Ph.D. Past: @nearform. Views are my own.
Feross @feross (29K followers, 2K following): ⚡️ Founder + CEO @SocketSecurity (https://t.co/7g1opA8rgG) • 🌲 Visiting lecturer @Stanford (https://t.co/yw9prxLQAM) • ❤️ Open source @WebTorrentApp + @StandardJS
Seb ⚛️ ThisWeekIn.. @sebastienlorber (41K followers, 5K following): 🔥 Join 37k devs - Stay up-to-date with React: • 📨 https://t.co/DvLGHeLY5G • @ThisWeekInReact • @docusaurus maintainer
Evan You @youyuxi (260K followers, 2K following): Husband, father of two, independent OSS dev. @vuejs, @vite_js, @rolldown_rs, and more. Connoisseur of sushi. Chinese-only alt: @yuxiyouli
lil uzi perf @ken_wheeler (47K followers, 3K following): practically irresistible. violently suburban. I made a jQuery plugin, gave a few talks and made a couple beats. https://t.co/6BFTpb3nXX
Jordan Harband @ljharb (8K followers, 2K following): software engineer/nerd/teacher/will try anything once; surgeon with git rebase. @TC39 ex @Coinbase/@Airbnb/@Twitter/@MobBase. Fav punctuation ⸮, scent petrichor
Ajit Nayak @ajitnayak_dev (33 followers, 1K following)
Tegroez @tegroez10342 (0 followers, 146 following)
Resulti.net by Forjed @resultisearch (46 followers, 88 following): Protect your privacy since 2022! Located in the Province of Quebec, Canada🏢 #PrivacyMatters #Security #Canada #Québec A Forjed Service
Jev Björsell @jevonearth (852 followers, 1K following): CEO @ecadlabs, Likes salty things, the back-end of computer systems. Interested in building things on/with blockchains
Tommy_The_Scientist @Tommy_Scientist (361 followers, 5K following): Artificial Intelligence||Coding||Poetry||Travel||Design||Develop||Bug-Hunt||Habit Magician.
Alexander Forbes Naka.. @PlanetSatoshi (387 followers, 2K following): Fiat mining in hydrocarbons. Tick tock, next block. 2.1e15. #Bitcoin
Pangea @pangeacyber (298 followers, 356 following): Turning the fragmented world of security into a simple set of APIs
Meflahi Abdelkader @MKader1985 (39 followers, 557 following)
Raja @bhoomabrsr (15 followers, 230 following)
lion1987♦️ @lion19875 (361 followers, 3K following): ⚙️ web3 product experience officer | PI pioneer | known as "God of Wealth" Jay $FAR https://t.co/slZOHBTgbq @tapioca_dao pearl club member #byebyebirdie Left to Phaver ⏳@t2wrld
Roshan Limbu @Roshanlimbu205 (2 followers, 59 following)
Jose Vasquez @Jose_VR13 (337 followers, 5K following): Data scientist, Audio Designer, VR Explorer, Psyconaut, Voice Over Artist, Futurista, Remote Viewer, Creative Consultant, Cyclist, Security Researcher.
Clementina Vizuete @clementin_vizue (47 followers, 5K following)
Claire Cannistraro @ClaiCannistra (47 followers, 5K following)
rameshpallikara @rameshpallikara (84 followers, 1K following)
nirapadak net @nirapadakpal (3 followers, 16 following): Hi there 👋. I'm nirapadak, a passionate Android and MERN stack developer from Bangladesh
วิไลวาส.. @Kathlee04480339 (79 followers, 1K following): Do you want a date with a girl? Add https://t.co/tlJas1TnCg
Olivia Jepko @olivi_jep (32 followers, 5K following)
Bounty Puzzle @bountypuzzle (319 followers, 704 following)
Manjula Dube @manjula_dube (7K followers, 3K following): Technical Delivery Lead @Vanguard_Group, Codes when there's 🔥. Founder @geekabyte_info #a11y, Organiser @react_india @jsconfin @WomenCoders01 @gdgberlin
calledT @huanggengtao (35 followers, 2K following)
FoxFortyTwo 🦊 @FoxFortyTwo (1K followers, 1K following): Father, coach, writer, Web3 founder and idealist. DeFi is the future. The future is now. Be part of it!
Halley Ezernack @ezernack18859 (27 followers, 5K following)
Consuelo Prondzinski @CProndzins19094 (18 followers, 3K following): 🖤Consuelo . 22 . Join my free content👇🌹
machzero @0xmachzero (170 followers, 760 following): I am into tech 👨🏽💻, I like metal music 🤘🏽, and I love my daughter & wife 👧🏻👸🏻. Life is too short, so shitpost away.
Anthony Campolo (ajcw.. @ajcwebdev (2K followers, 482 following): @_everfund content @DashIncubator dao @FSJamorg host @RedwoodJS bard @JavascriptJam news @bloomtech dropout Formerly @Edgioinc, @QuickNode, and StepZen
Adel Ka @0x4D31 (3K followers, 2K following): full-stack threat detection engineer at @Nianticlabs | x-google lead security engineer, d&r. views are my own, not my employer's!
Alya Sultan @AlyaSultan87734 (94 followers, 5K following)
Sherri Martin @SherriMart78236 (14 followers, 63 following)
Veronica Kiesel @KieselVero17731 (89 followers, 5K following)
Jesse Sh @jshawl (733 followers, 876 following): Selling free software like: https://t.co/R8FEUxMo9D, https://t.co/Rx8ELqBexl, https://t.co/fe80CPsYb9, and https://t.co/IOk1jOT31q. here for the right reasons. into inclusivity. computery tweets mostly
SDxCentral News @sdxcentral (47K followers, 583 following): A trusted source of independent insight in #cloud #cybersecurity #5G #SDWAN #SASE
temporary variable @tmpvar (2K followers, 1K following)
Paras Mathur @parasmathur9 (35 followers, 771 following)
Rehan Qasim @rehanqasimk (86 followers, 1K following): Front End Developer. Love Philosophy, Psychology and Sociology. Liberal Arts (especially trivium)
Kaylie Balliew @BalliKayli (73 followers, 5K following)
Jérémy (Breek) @breekfr (151 followers, 702 following): We have lived and breathed the web for more than 20 years. Specialists in #Drupal, #Cypress, #SolidJS. Breek makes the web faster and less energy-hungry!
Ankit Boghra 💜 @AnkitBoghra (426 followers, 678 following): Senior Software Engineer at @0xPolygon Labs, Ex-DAIICT
Wes Bos @wesbos (377K followers, 2K following): Fullstack JS Dev ❯ https://t.co/6heZ7gZqg1 ❯ https://t.co/lOo3xh23G1 ❯ https://t.co/XYbxq79WBS ❯ Posts 🔥 Tips ❯ Co-hosts @SyntaxFM
Sarah Drasner @sarah_edo (284K followers, 3K following): stupid like a fox • Director of Eng- Web, iOS, Android & Multiplat Infra @google, O'Reilly Author • https://t.co/HhzYWwxqL9, https://t.co/SOjL0RPUNN she/her BLM
Kelsey Hightower @kelseyhightower (237K followers, 40 following): Minimalist. DMs are now closed. Just email me: [email protected]
Jake Archibald @jaffathecake (105K followers, 2K following): Engineer at @Shopify. No thought goes unpublished. 'IMO' implicit. He/him. Also jaffathecake on Mastodon, bsky, Threads etc.
Josh W. Comeau @JoshWComeau (127K followers, 2K following): Indie hacker and educator. Blogging at https://t.co/kbdJDUdLg5. Previously @gatsbyjs, @digitalocean, @concordia_btcmp, @khanacademy. He/Him 🌈
Rich Harris @Rich_Harris (93K followers, 2K following): Cheese fan. I work on @sveltejs at @vercel. When the asteroid finally obliterates this place you can find me at @[email protected]. Until then, 🍿
Dan Lorenc @lorenc_dan (9K followers, 2K following): OSS Supply Chain Security. Founder/CEO/Primary Ariba Admin at https://t.co/sGmuUU9JbG Sigstore: https://t.co/dWKlyYu6kv
Jason Miller 🦊⚛ @_developit (60K followers, 2K following): Platform DX @Shopify. Created @preactjs. Do more with less. https://t.co/z1d6J24DlE @[email protected]
Suhail @Suhail (295K followers, 464 following): Founder: @playground_ai, @mixpanel. Pizzatarian, programmer, music maker
Addy Osmani @addyosmani (343K followers, 2K following): Engineering leader, @GoogleChrome • Author • Great user & developer experiences • @ChromiumDev @ChromeDevTools • @____lighthouse • @ChromeUXReport
Sindre Sorhus @sindresorhus (62K followers, 528 following): Full-time open-sourcerer and maker of apps. Swift & Node.js. Made @awesome__re. Also: @sindre_gh_repos @[email protected]
Liran Tal @liran_tal (12K followers, 995 following): 🦄 Node.js Secure Coding: https://t.co/tK9HV9apFk 🌟 Awarded @GitHub Star 🏅 Awarded @OpenJS Pathfinder award for Security 🥑 DevRel @snyksec
Devon Govett @devongovett (34K followers, 1K following): Creator of @parceljs. Engineer @adobe working on React Aria and React Spectrum.
swyx @swyx (91K followers, 3K following): Anti-ego ideas for anti-ergodic life. Founder, @smolmodels ▹ Listen: @latentspacepod ▹ Read: @coding_career ▹ Join: @aiDotengineer
ahmetb @ahmetb (41K followers, 165 following): ᯅ software engineer, compute infrastructure and fleet orchestration @LinkedIn. distsys enthusiast. ex-(@twitter, @googlecloud, @azure) https://t.co/9wQqtxMH5n
CB @ammkrn (44 followers, 74 following)
Madelyn Olson @reconditerose (1K followers, 71 following): Engineer at AWS and maintainer at https://t.co/IiRd7lvX15, also find me at @[email protected].
Luca Casonato 🏳️.. @lcasdev (5K followers, 338 following): Software person. Building @jsr_io and @deno_land. Creator of Fresh. @tc39 delegate. he/him 🏳️🌈🌍🌻💚
PatrickJS @PatrickJS__ (13K followers, 4K following): @QwikDev core team. Previous: @TipeIO (@ycombinator W18) @AngularClass @Keychain (YC S12) @HackReactor 04, @Launch 2014 Hackathon, made @Angular Universal (ssr)
JSR @jsr_io (715 followers, 6 following): The JavaScript Registry (JSR) is a module registry for TypeScript and ESM. Works with Node, Deno, browsers, and more. Free and open source.
Michael Dawson @mhdawson1 (3K followers, 457 following): Node.js lead for Red Hat and IBM. #nodejs collaborator and TSC member. Enjoys exploring tech and building apps to make daily life more fun! (tweets my own).
Python Software Found.. @ThePSF (651K followers, 132 following): The nonprofit organization behind the Python programming language. For help with Python code, see https://t.co/XDHPttz2Xv On Mastodon: @[email protected]
Bun @bunjavascript (41K followers, 1 following): Bun is a fast, all-in-one toolkit for installing, bundling, running and testing JavaScript & TypeScript. To install: `npm i -g bun`
Steffen Foley @Steffen_Aspiron (5 followers, 22 following): Hunting the best talent for Cybersecurity vendors across the US || Host, CyberBytes: The Podcast🎙️
Ryan Naraine @ryanaraine (28K followers, 875 following): I write about hackers and the business of cybersecurity. Podcast + newsletter: https://t.co/ZGEyqy2h7g. Columns: @securityweek. Conference: @labscon_io
Tines @tines_hq (2K followers, 703 following): Smart, secure workflows for your whole team. Get started with our free, fully-loaded Community Edition - https://t.co/qmewAtzVuo
Truffle Security @trufflesec (3K followers, 1 following): The TruffleHog company. We find credentials, with open source https://t.co/7CnEqo1inq https://t.co/8vZxthRRXX
Andrew Lisowski @HipsterSmoothie (2K followers, 2K following): Senior Software Engineer @DescriptApp | Co-Host of @DevtoolsFM
Justin Bennett @Zephraph (2K followers, 2K following): Open-source enthusiast; maker. Co-founder of @membraneio. Co-host of @DevtoolsFM. @recursecenter Alum. Prev at @oxidecomputer, @ArtsyOpenSource.
devtools.fm @DevtoolsFM (3K followers, 269 following): A podcast about developer tools. Hosted by @hipstersmoothie and @zephraph. Become a https://t.co/INWPWJOwBL, come talk https://t.co/JFbwQSnPIQ
Renovate Bot @renovatebot (968 followers, 60 following): Open Source Automated Dependency Updates. 14k+ ⭐ - GitHub 👉 https://t.co/kOQ2ANni5q Part of @mend_io.
npm malware @npm_malware (1K followers, 10 following): 📣 We tweet malicious packages detected on npm in real-time. 🚨 Not affiliated with @npmjs or @github. 🛡 Powered by the @SocketSecurity threat feed. ✨
Cybersecurity and Inf.. @CISAgov (279K followers, 109 following): America's Cyber Defense Agency and National Coordinator for critical infrastructure security & resilience. Likes, RTs, follows ≠ endorsements.
Dennis @DennisF (6K followers, 1K following): ΣΧ, co-founder of @DecipherSec. New novel BE GONE available NOW: https://t.co/bVFJcL9PdF. Golf dork. Friend of hackers. @duosec forever. @rsnake knower.
Decipher @DecipherSec (4K followers, 419 following): Security without fear. Decipher delivers journalism on information security and privacy that informs, educates and inspires. Editors: @DennisF & @lindseyOD123.
Syntax @syntaxfm (42K followers, 271 following): A Tasty Treats Podcast for Web Developers from @wesbos and @stolinski. Brought to you by @getsentry
Philipp Burckhardt @burckhap (2K followers, 2K following): ⚡Data science & AI at @SocketSecurity (https://t.co/rjmrp0fCL0) 📖 ISLE e-learning platform @CMU_Stats 🔭 Scientific computing for the web via @stdlibjs (https://t.co/nJc4oxoUlD)
Jasvir Nagra ✨ @jasvir (1K followers, 702 following): Advisor & builder. Formerly security @dropbox, product @instart & @google, authored Surreptitious Software, TL for Caja. I love good food, fine wine & great JS.
pnpm @pnpmjs (15K followers, 7 following): Fast, disk space efficient package manager. Sponsor us: on GitHub: https://t.co/cS3OP24kZH on OpenCollective: https://t.co/zyVORTsELN
Shehzad Akbar @shehzadakbar (206 followers, 567 following): Proud Torontonian. Dad. Product and Growth at @clerkdev.
yash @goyashy (650 followers, 324 following): bootstrapping after 8 years of taking boots. courses: https://t.co/X42HzmEHgW ai video editing: https://t.co/dgCXWnnL2f second brain 🧠: https://t.co/d8nIkj9VMF
Arthur | Better Devel.. @Colmeo (238 followers, 228 following): Building https://t.co/plyG021oie. Frontend Software Engineer. Mentor @OCFrance
Ahmad Awais @MrAhmadAwais (47K followers, 2K following): ⌘ CEO & Founder @LangbaseInc // @Google Devs Advisory Board // Award-winning @GitHub Star // Ex VP DX Rapid / Quoted by @SatyaNadella "awesome example for devs"
__abass. @abass_oguntade (115 followers, 807 following): Studying Computer engineering 💻 | Arranging pixels using React ⚛️ | Sometimes writes about React |
jwfu @jwfu (67 followers, 557 following)
:wq @oeiuwq (2K followers, 2K following): I am all the tigers and all the Borgeses. I walk behind my skin of bars. Norah, a girl, cursed: You are made for love. YES, YES! the tiger is out!
Bjorg (threads.net/bj.. @bjorg (1K followers, 284 following): I do stuff some people care about, but most don't, and that's fine by me! 😉
Stacey Wueste @staceywueste (463 followers, 491 following): Partner @DecibelVC | Creating opptys for early stage founders | Passionate about early adopter customers | Mom to Victoria | Stanford fan
Alessio Fanelli @FanaHOVA (5K followers, 992 following): Cohost @latentspacepod | Partner & CTO @decibelvc | OSS: https://t.co/u4J6NVksoL | Writing: https://t.co/H7iEpzgxWQ
Dan Nguyen-Huu @dannguyenhuu (1K followers, 962 following): partner @DecibelVC prior: @BatteryVentures & @vmware investor: @databricks @SumoLogic @matillion @expelsecurity @contrastsec @runzeroinc @thecubejs @SpecterOps
Mike Hanley @_mph4 (3K followers, 664 following): cso and svp engineering @github (prev. @cisco, @duosec, @certcc)
BSidesSF @BSidesSF (6K followers, 421 following): Security BSides San Francisco. Join us May 4-5, 2024!
Zoltan Kochan @ZoltanKochan (4K followers, 760 following): Developer, maker of @pnpmjs. Works on dependency management at @bitdev_ #javascript #nodejs
Gaurav Kamathe @kamatheg (84 followers, 4K following): Security, Linux, Malware. Opinions expressed here are my own and not that of my employer
Ecosyste.ms @ecosyste_ms (76 followers, 13 following): Tools and open datasets to support, sustain, and secure critical digital infrastructure
Devdatta Akhawe @frgx (4K followers, 1K following): Engineering @figma. Previously, Dropbox and Berkeley Grad Student. Opinions are my own, and mostly wrong. Him/he. Also on @[email protected]
martin_casado @martin_casado (50K followers, 2K following): GP @ a16z ... questionable heuristics in a grossly underdetermined world
Yoko @stuffyokodraws (5K followers, 1K following): Cartoonist, Engineer, PM, Partner @a16z investing in infra & AI. Prev Product lead @HashiCorp, Founding Eng/PM @Transposit. Eng @AppDynamics. Opinions = own.
@ammkrn @SocketSecurity @feross Wuhuu.. Super cool! Thanks for the quick response.
I love how this exposes a bunch of things that start to realize how version ranges etc blow up the potential number of things that can be installed. Lockfiles mitigate this but different variances can occur if they are only top level for example.
Today, we are excited to introduce dependency visualization for reports - get a quick impression of the state of your dependencies without getting lost in the details.
@SamwellHardly @SocketSecurity + blog post for anyone interested in digging further: socket.dev/blog/how-to-us…
Had a fun chat with @ChrisChinch about Socket and software security – he's an incredible interviewer and made the conversation super fun! chrischinchilla.com/podcast/softwa…
Are you still relying on CVEs to determine if OSS packages are safe? This is starting to look like a REALLY BAD strategy. ⚠️ NVD stopped CVE enrichment for 6 weeks and counting. ~4,000 CVE reports were filed but missing from NVD. (socket.dev/blog/nvd-remai…) ⚠️ Legacy CVE scanners…
I love what @feross and the team @SocketSecurity are doing. Personally, I've used these other tools mentioned in the video and most often do fail to surface known vulnerable packages, in python. While doing an ml model implementation or api deployment, you hope the model or api…
The `xz` package backdoor is just the tip of the iceberg. There's a CONSTANT low-level stream of malware and spyware being uploaded to npm, PyPI, and Go registries. I want to share a few examples from the 20,000+ malicious packages we detected so far:
@feross @SocketSecurity It's almost like you have been.... solving for this? ;)
This will be the most important company in the next decade @SocketSecurity
@santoshimz @SocketSecurity There are no proper solutions for supply chain security, right? Noice
@dalmaer @SocketSecurity Haha, yeah... it's almost like that!
@SocketSecurity Can you add the part where we tried to revert the PR github.com/redis/redis/pu…
I'm really enjoying using @SocketSecurity
🐢🚀 The redesigned nodejs.org is live! - Fresh look - Comprehensive search - New learning resources - APIs & downloads unchanged - Improved contributor DX Stay tuned for more details in upcoming posts. Explore, share, and give us your feedback!
This isn’t great. It’s difficult as is trying to assess vulnerabilities. This is now likely to make it even harder. Hopefully this is only temporary and for a short period.
The NVD stopped enriching CVEs a month ago, and security professionals are raising concerns about this critical gap in metadata. socket.dev/blog/nvd-halts…
If we are connected on LinkedIn you might already know I'm now working at @github! What I haven't shared yet, is that I'm gonna PM @npmjs! I'm reporting to @MylesBorins so you know to reach out if I don't stay classy!
I don't think the average open source user realises how there are huge incentives for supply chain attacks and how much of an arms race it has become to stay one step ahead of the attackers. If it doesn't scare you that it takes an advanced LLM to detect malicious code, it should!
🤯 Socket figured out that an attacker's base64 encoded PowerShell / bash command is actually creating a reverse shell. LLMs are pretty incredible 🌟