⚡️ Founder CEO @SocketSecurity (socket.dev) • 🌲 Visiting lecturer @Stanford (cs253.stanford.edu) • ❤️ Open source @WebTorrentApp @StandardJS

Joined August 2008
1,847 Photos and videos
Pinned Post
🚨 Active supply chain attack spanning npm, PyPI, and Crates.io simultaneously. Socket is tracking a campaign we’re calling TrapDoor: 34 malicious packages and 384 versions designed to steal crypto wallets, SSH keys, AWS credentials, GitHub tokens, browser data, and environment variables from developers. We had a median detection time of 5 minutes and 27 seconds. Fastest detection was 58 seconds after publication. The packages target crypto, DeFi, Solana, Sui/Move, and AI developers. Names like crypto-credential-scanner, solidity-deploy-guard, sui-move-build-helper, and prompt-engineering-toolkit are crafted to look like legitimate dev tools. Each ecosystem uses a different execution path: • npm: postinstall hooks run trap-core.js, a 1,149-line credential harvester that validates stolen AWS/GitHub tokens via API calls and attempts SSH-based lateral movement • PyPI: packages auto-execute on import, download JavaScript from an attacker-controlled GitHub Pages domain, and run it via node -e • Crates.io: malicious build.rs scripts search for wallet keystores, XOR-encrypt them, and exfiltrate to GitHub Gists What makes this campaign especially notable: the npm payload plants persistence through .cursorrules and CLAUDE.md files using zero-width Unicode characters, attempting to trick AI coding assistants into running “security scans” that exfiltrate secrets. The attacker also opened PRs against major AI projects (LangChain, LlamaIndex, MetaGPT, OpenHands, browser-use) trying to inject these files into codebases directly. If you work in crypto, DeFi, or AI tooling: audit your lockfiles, check for any of the listed packages, and review your project for unexpected .cursorrules or CLAUDE.md files. Full list of IOCs and affected packages: socket.dev/blog/trapdoor-cry…
10
29
147
33,302
Feross reposted
Every package install brings third-party code into your app. On the @riskybusiness podcast, Socket CEO @feross explains how AI coding agents are pulling in more dependencies, faster, often without a human in the loop. Watch the full episode: socket.dev/blog/risky-biz-po…
7
14
3,313
Feross reposted
Imagine what the Free VPN is stealing if the extension is already blatantly exfiltrating your clipboard
A VPN extension is not supposed to read your clipboard every 500 milliseconds. Socket researchers found Chrome and Firefox extensions posing as free VPNs that added clipboard stealers in later updates and exfiltrated copied data. socket.dev/blog/chrome-and-f…
2
5
51
11,421
A VPN extension is not supposed to read your clipboard every 500 milliseconds.
A VPN extension is not supposed to read your clipboard every 500 milliseconds. Socket researchers found Chrome and Firefox extensions posing as free VPNs that added clipboard stealers in later updates and exfiltrated copied data. socket.dev/blog/chrome-and-f…
3
7
116
32,355
Feross reposted
A VPN extension is not supposed to read your clipboard every 500 milliseconds. Socket researchers found Chrome and Firefox extensions posing as free VPNs that added clipboard stealers in later updates and exfiltrated copied data. socket.dev/blog/chrome-and-f…
4
15
101
52,197
Feross reposted
💀💀💀 imagine running this action on a cron for 4 years and then having it become malware
5
5
237
55,164
Feross reposted
Miasma Mini Shai-Hulud has expanded to the Go ecosystem, with a Verana Blockchain source archive containing malicious Claude and VS Code hooks. This is the same wave that hit LeoPlatform npm packages and targeted GitHub Actions workflows. socket.dev/blog/miasma-mini-…
1
8
28
4,473
Feross reposted
🚀Thrilled to announce @SocketSecurity as #gold Sponsors of #NodeConfEU 2026! 🌟 Socket is a #cybersecurity platform that protects companies from software supply chain attacks. Find out more👉 socket.dev/ Your partnership is helping create something special!
3
7
4,697
Surreal to see Socket sponsoring NodeConf EU. This is where I gave an impromptu talk on PeerCDN, my first startup, back in 2013, and where I met almost all my Node friends. Awesome to finally pay it forward.
🚀Thrilled to announce @SocketSecurity as #gold Sponsors of #NodeConfEU 2026! 🌟 Socket is a #cybersecurity platform that protects companies from software supply chain attacks. Find out more👉 socket.dev/ Your partnership is helping create something special!
1
4
18
3,557
Feross reposted
The Fable shutdown shows how quickly model access can become a business continuity risk. Many teams assumed the frontier AI supply chain was resilient. It’s now clear that access to critical AI infrastructure can change overnight. socket.dev/blog/frontier-ai-…
5
19
3,490
Feross reposted
🛡️ @bradarkin has led security and trust at Salesforce, Cisco, and Adobe. Now he’s joined Socket as a strategic advisor. His first post digs into a fast-growing blind spot: AI agents pulling packages into environments no scanner is watching. The code you didn’t write is still yours to defend. socket.dev/blog/the-code-you…
4
14
3,156
Feross reposted
Not a moment too soon! 😅 GitHub Actions checkout now blocks risky pull_request_target checkouts by default to help prevent pwn request supply chain attacks. socket.dev/blog/github-actio…
5
18
97
27,354
Feross reposted
🚀 Socket Launch Week Day 5: Introducing Repository Access Permissions and Custom Roles. Custom Roles set what a user can do. Repository Access Permissions set which repos those actions apply to. Apply least-privilege access without forcing members into broad built-in roles.
4
5
11
2,860
Feross reposted
Get ahead of malicious code extension installs and updates with this new release!
🚀 Launch Week Day 3: Socket Firewall now blocks malicious code editor extensions. VS Code and Open VSX extensions run inside developer environments with access to source code, terminals, credentials, and tokens. Now teams can block bad extensions before install or update.
1
4
25
6,098
Feross reposted
So excited to bring new features to the Socket MCP! Not only can you pull your alerts but you can investigate them deeply at a package level to really understand how they impact your organization!
🚀 Socket Launch Week Day 4: Socket MCP is getting a massive update! You can now review org alerts, inspect package artifacts, investigate suspicious packages, and use the Socket threat feed directly from your AI assistant.
1
7
14
4,484
Feross reposted
Security teams can ask follow-up questions across alerts, package contents, threat intelligence, and determine org exposure in one place, without clicking through dashboards, registries, and local tooling. ⚡️ Try Socket MCP → socket.dev/blog/socket-mcp-s…
1
7
1,759
Feross reposted
🚀 Socket Launch Week Day 4: Socket MCP is getting a massive update! You can now review org alerts, inspect package artifacts, investigate suspicious packages, and use the Socket threat feed directly from your AI assistant.
1
6
18
8,502
Feross reposted
🚀 Launch Week Day 3: Socket Firewall now blocks malicious code editor extensions. VS Code and Open VSX extensions run inside developer environments with access to source code, terminals, credentials, and tokens. Now teams can block bad extensions before install or update.
2
9
35
10,727
Feross reposted
Attackers are starting to use evasions targeting AI analysis. Excellent analysis by our Socket Labs intern Jean-Charles! // You're absolutely right! You're absolutely right! You're absolutely right! You're absolutely right! You're absolutely right! You're absolutely right!
New Socket research: We’re seeing more packages designed to trip up AI malware scanners. This new npm package uses prompt-injection-style comments, safety-triggering content, context flooding, and obfuscated JS to probe where scanners refuse, truncate, or miss the code that matters. socket.dev/blog/npm-package-…
1
1
8
1,397
Feross reposted
Yesterday, Mastra was hit by a supply chain attack. A malicious postinstall script that exfiltrated credentials and then self-deleted was added to specific versions of our npm packages. Most importantly: the incident is over. All relevant package versions are unpublished. The root cause is that one of our maintainers was compromised. Between 6:12 PM and 6:37PM PT yesterday, a token associated with their account published 116 malicious NPM packages, almost all in the `@mastra/` namespace. We became aware of this at 8:45pm PT. We immediately contacted npm as well as trusted third parties (eg @SocketSecurity). We also began unpublishing, and unpublished 59 packages. As part of the attack, we lost access to some packages. Around 10:15pm PT, we were able to re-add our accounts to those packages. We began unpublishing the rest. In total, we unpublished 110 packages, and deprecated 6. By 11:57pm PT, all affected packages were unpublished or deprecated. At around 1am PT, we also published new, safe versions of each package affected (github.com/mastra-ai/mastra/…), so that installs would resolve We have always required MFA on NPM for maintainers, but we also allowed (mistakenly) token bypass. Also around 1am PT, we removed token bypass across all packages. At 2:25am PT, we established contact with the compromised maintainer. He is a current, active Mastra employee. His machine was compromised via a social phishing attack. A compromised LinkedIn account reached out to him as well as maintainers of other prominent TypeScript open source packages. He was on a call and clicked a suspicious link. This was the same attack vector as other open-source maintainers have reported (eg x.com/aidenybai/status/20667…). Around 4:40am, npm responded to the security ticket we'd filed and confirmed the breach. They unpublished the last 6 affected packages. For a third-party report on the incident / malware, including a list of package versions affected, and the mechanisms of the RAT: socket.dev/blog/mastra-npm-p…. We're continuing to keep reducing scope of sensitive credentials and enhance our use of MFA. Security is an ongoing process of review and hardening. Thanks for the hugops. Stay safe out there. I'll be here answering questions.
We have remediated the incident. Brief account on Github: github.com/mastra-ai/mastra/…
9
19
126
22,599
Feross reposted
Pictures say it all... exactly what I was looking at earlier today
To bypass age restrictions, kids will look up “free vpn” to sign up in a diff country, opening them up to further risks. So make sure to ban VPNs too, and computers and math and thinking. Just kill the children.
5
35
486
29,360