Please turn JavaScript on
Socket icon

Socket

follow.it gives you an easy way to subscribe to Socket's news feed! Click on Follow below and we deliver the updates you want via email, phone or you can read them here on the website on your own news page.

You can also unsubscribe anytime painlessly. You can even combine feeds from Socket with other site's feeds!

Title: Nuget

Is this your feed? Claim it!

Publisher:  Unclaimed!
Message frequency:  0.88 / day

Message History

A compromised release of the popular jscrambler npm package introduced hidden native binaries that execute automatically during npm install, exposing users to a supply chain attack before any application code runs.

The malicious 8.14.0 release, published ...


Read full story

Socket’s AI scanner flagged a suspicious NuGet package masquerading as the official Braintree payment gateway client, with the first malicious version published on July 3, 2026. It was detected by Socket as potential malware 10 minutes after publication. Follow-on analysis by the Socket Threat Research team revealed a multi-stage .NET implant that intercepts live payment card...


Read full story
@injectivelabs/[email protected] records private keys and mnemonics, enabling wallet compromise via 17 scoped packages pinned to the malicious version.

Socket detected a malicious @injectivelabs/[email protected] release published to npm with fake telemetry functionality that exfiltrates wallet private keys and mnemonic phrases. The affected package is part of the Injective Labs Typ...


Read full story

npm v12 is now generally available and tagged latest. The release turns on the install-time security defaults GitHub announced in June and starts winding down the most sensitive uses of 2FA-bypass granular access tokens (GATs). Both changes...


Read full story

Our investigation began with a malicious Go module, github[.]com/kaleidora/dnsub-scanning-tool, that posed as a DNS/subdomain scanner. The module did more than impersonate a developer utility: it exposed a Windows malware-staging chain that used hid...


Read full story