Flux
Toutes les catégories

Cybersécurité

143 articles

Active Supply Chain Attack Compromises @antv Packages on npm
Cybersécurité Programmation

Active Supply Chain Attack Compromises @antv Packages on npm

Socket’s Threat Research team is investigating an active npm supply chain attack involving compromised packages in the @antv ecosystem. The attack affects packages tied to the npm maintainer account atool, including echarts-for-react, a widely used React wrapper for Apache ECharts with roughly 1.1 million weekly downloads. Socket quickly detected the malicious publish wave and classified the affected versions as known malware. Socket’s internal review identified hundreds of unique packages. The…

Socket
Popular node-ipc npm Package Infected with Credential Stealer
Cybersécurité Programmation

Popular node-ipc npm Package Infected with Credential Stealer

Socket’s threat feed has detected malicious activity in newly published versions of node-ipc, a long-running npm package previously associated with one of the most widely discussed supply chain incidents in the JavaScript ecosystem. The affected versions confirmed as malicious are: node-ipc@9.1.6 node-ipc@9.2.3 node-ipc@12.0.1 Socket’s AI scanner detected the newly published malicious versions within roughly three minutes of publication, classifying the activity as malware. Early analysis…

Socket
TeamPCP and BreachForums Launch $1,000 Contest for Supply Chain Attacks
Cybersécurité Programmation

TeamPCP and BreachForums Launch $1,000 Contest for Supply Chain Attacks

After months of targeting security tools, CI/CD workflows, and open source packages, TeamPCP is now promoting Shai-Hulud as required tooling for a competition that rewards the biggest compromise with a tiny crypto payout. According to Dark Web Informer, the competition was announced on BreachForums by an account identified as the forum’s owner, in collaboration with TeamPCP. Participants are being offered $1,000 USD in Monero to compromise open source packages with Shai-Hulud, along with the…

Socket
Packagist Urges Immediate Composer Update After GitHub Actions Token Leak
Cybersécurité Programmation

Packagist Urges Immediate Composer Update After GitHub Actions Token Leak

Packagist is urgently warning PHP projects to update Composer after a GitHub token format change caused some GitHub Actions tokens to be exposed in CI logs. Composer 2.9.8, 2.2.28 LTS, and 1.10.28 fix a vulnerability where Composer could print the full contents of GitHub Actions-issued GITHUB_TOKEN values or GitHub App installation tokens to stderr when the token failed Composer’s validation check. The issue was triggered by GitHub’s rollout of a new token format that includes a hyphen, which…

Socket
GemStuffer Campaign Abuses RubyGems as Exfiltration Channel Targeting UK Local Government
Cybersécurité Programmation

GemStuffer Campaign Abuses RubyGems as Exfiltration Channel Targeting UK Local Government

Socket's threat research team is tracking a suspicious RubyGems campaign we’re calling GemStuffer, involving more than 100 gems that appear to use the RubyGems registry as a data transport mechanism rather than a conventional malware distribution channel. The packages do not appear designed for mass developer compromise. Many have little or no download activity, and the payloads are repetitive, noisy, and unusually self-contained. Instead, the scripts fetch pages from UK local government…

Socket
Socket Named to Rising in Cyber 2026 List of Top Cybersecurity Startups
Cybersécurité Programmation

Socket Named to Rising in Cyber 2026 List of Top Cybersecurity Startups

Socket has been named to the Rising in Cyber 2026 list, an annual recognition of the most promising private cybersecurity companies, as selected by nearly 150 practicing CISOs and cybersecurity executives. Launched by Notable Capital, Rising in Cyber recognizes 30 private cybersecurity startups shaping the future of enterprise security. This year’s honorees were selected by security leaders from organizations including Booking.com, Albertsons, Atlassian, and TIAA. The list was announced…

Socket
TanStack npm Packages Compromised in Ongoing Mini Shai-Hulud Supply-Chain Attack
Cybersécurité Programmation

TanStack npm Packages Compromised in Ongoing Mini Shai-Hulud Supply-Chain Attack

The Socket Threat Research team detected a compromise across 84 npm package artifacts in the tanstack namespace. Affected packages were modified to add a suspected credential stealer targeting various CI systems, including Github Actions. All packages were flagged by Socket AI Scanner in six minutes or less after publication. Several of the newly turned malicious packages, like pkg:npm/@tanstack/react-router have over 12 million weekly downloads, and are widely consumed both directly and…

Socket
fsnotify Maintainer Dispute Sparks Supply Chain Concerns
Cybersécurité Programmation

fsnotify Maintainer Dispute Sparks Supply Chain Concerns

A dispute over maintainer access in fsnotify, a widely used Go library for cross-platform filesystem notifications, briefly raised takeover concerns this week after contributors were removed from the project’s GitHub organization and recent releases came under scrutiny. So far, there’s no evidence that any fsnotify release was compromised. The concern is messier and more familiar: when a popular project has unclear maintainer roles, release access, and review norms, downstream users can’t…

Socket
Socket Releases Free Certified Patches for Critical vm2 Sandbox Escape
Cybersécurité Programmation

Socket Releases Free Certified Patches for Critical vm2 Sandbox Escape

Socket is releasing free Certified Patches for a critical sandbox escape vulnerability in vm2, a JavaScript sandboxing library used to run untrusted code inside Node.js applications. The vulnerability, tracked as GHSA-ffh4-j6h5-pg66 and CVE-2026-26956, allows attacker-controlled JavaScript executed through VM.run() to escape the sandbox, access the host Node.js process object, and execute arbitrary operating system commands. The current GitHub advisory identifies vm2 3.10.4 as affected and…

Socket
5 Malicious NuGet Packages Impersonate Chinese UI Libraries to Distribute Crypto Wallet and Credential Stealer
Cybersécurité Programmation

5 Malicious NuGet Packages Impersonate Chinese UI Libraries to Distribute Crypto Wallet and Credential Stealer

Socket's Threat Research Team discovered five malicious NuGet packages published under the account bmrxntfj that typosquat widely used Chinese .NET UI and infrastructure libraries. Each package grafts a .NET Reactor protected infostealer payload onto a decompiled copy of a legitimate open source library. The stealer targets saved credentials across 12 browsers, 8 desktop cryptocurrency wallets, 5 browser wallet extensions and exfiltrates to a newly-registered C2 domain. Across all versions, the…

Socket
pnpm 11 Adds Supply Chain Protection Defaults for Minimum Release Age and Exotic Subdependencies
Cybersécurité Programmation

pnpm 11 Adds Supply Chain Protection Defaults for Minimum Release Age and Exotic Subdependencies

pnpm 11 has been released with new supply chain protections in place, making safer install behavior the default while still allowing teams to override those settings. The release sets Minimum Release Age to 24 hours by default, blocks exotic subdependencies by default, and introduces a new Allow Builds model for controlling dependency build scripts. pnpm 11 arrived as the JavaScript, Python, and PHP ecosystems were responding to Mini Shai-Hulud, a fresh supply chain campaign that compromised…

Socket
PyPI Fixes High-Severity Access Control Issues Found in Security Audit
Cybersécurité Programmation

PyPI Fixes High-Severity Access Control Issues Found in Security Audit

PyPI has fixed two high-severity flaws found during its second external security audit, addressing access control issues that could have allowed organization members to invite new owners and stale team permissions to persist after project transfers. The audit was performed by Trail of Bits and funded by the Sovereign Tech Agency. It reviewed Warehouse, the open source Python application that powers PyPI and handles package uploads, metadata validation, storage, and downloads for pip and other…

Socket
Malicious Ruby Gems and Go Modules Impersonate Developer Tools to Steal Secrets and Poison CI
Cybersécurité Programmation

Malicious Ruby Gems and Go Modules Impersonate Developer Tools to Steal Secrets and Poison CI

We investigated the GitHub account BufferZoneCorp, which published a cluster of repositories linked to malicious Ruby gems and Go modules. The account is part of a software supply chain campaign targeting developers, CI runners, and build environments across two ecosystems. On the Ruby side, the analyzed gems automate secret theft. They harvest secret-bearing environment variables and read local credential material such as SSH keys, AWS credentials, .npmrc, .netrc, GitHub CLI configuration, and…

Socket
Mini Shai-Hulud Spreads to Packagist: Malicious Intercom PHP Package Follows npm Compromise
Cybersécurité Programmation

Mini Shai-Hulud Spreads to Packagist: Malicious Intercom PHP Package Follows npm Compromise

A malicious intercom/intercom-php package artifact uses Composer plugin execution to download Bun and run the same style of obfuscated credential-stealing payload observed in the ongoing Mini Shai-Hulud campaign. intercom/intercom-php is a widely used PHP package, with more than 20.7 million lifetime installs, roughly 285,000 installs in the last 30 days, and an estimated 12,700 daily installs across versions (~700 for version 5.0.2), meaning the compromised 5.0.2 artifact could have reached…

Socket
Intercom’s npm Package Compromised in Ongoing Mini Shai-Hulud Worm Attack
Cybersécurité Programmation

Intercom’s npm Package Compromised in Ongoing Mini Shai-Hulud Worm Attack

Socket AI scanner detected, and the Socket Threat Research team has confirmed that intercom-client@7.0.4 is malicious, identifying a fresh compromise of the npm package used for Intercom’s Node.js client. intercom-client is a widely used official SDK for Intercom’s API. While it is not among npm’s largest packages, npm package aggregators report roughly 360,000 weekly downloads, and npm lists more than 100 dependent projects. The real exposure may extend beyond direct dependents, since the…

Socket