Socket uncovers malicious packages on PyPI using Gmail's SMTP protocol for command and control (C2) to exfiltrate data and execute commands.

We redesigned Socket's first logged-in page to display rich and insightful visualizations about your repositories protected against supply chain threats.

Automatically fix and test dependency updates with socket fix—a new CLI tool that turns CVE alerts into safe, automated upgrades.

CISA denies CVE funding issues amid backlash over a new CVE foundation formed by board members, raising concerns about transparency and program governance.

We’re excited to announce a powerful new capability in Socket: historical data and enhanced analytics.

Module Reachability filters out unreachable CVEs so you can focus on vulnerabilities that actually matter to your application.

Socket is bringing best-in-class reachability analysis into the platform — cutting false positives, accelerating triage, and cementing our place as the leader in software supply chain security.

Socket’s acquisition of Coana brings best-in-class reachability analysis to application security teams globally, cementing Socket’s position as the leader in software supply chain security.

Socket is introducing a new way to organize repositories and apply repository-specific security policies.

Socket researchers uncovered malicious npm and PyPI packages that steal crypto wallet credentials using Google Analytics and Telegram for exfiltration.

Socket now supports .NET, bringing supply chain security and SBOM accuracy to NuGet and MSBuild-powered C# projects.

Malicious npm packages posing as Telegram bot libraries install SSH backdoors and exfiltrate data from Linux developer machines.