Product
Bret Comnes
May 3, 2023
The Socket GitHub app now runs Project Health Reports on the default branch instead of in pull requests. Previously, Project Health Reports were only run in the pull request context, alongside pull request alert scanning. After usage feedback and building a better understanding of how these reports are being used, we decided to run them on all new commits created on the default branch of repositories.
Photo by Simon Launay on Unsplash