Socket Threat Research

Supply Chain Siege: 84 TanStack Packages Compromised to Steal GitHub Secrets

• Malware

Supply Chain Siege: 84 TanStack Packages Compromised to Steal GitHub Secrets

Ddos May 12, 2026 0

The software supply chain has just weathered another high-impact assault. The Socket Threat Research team has uncovered...

Read More Read more about Supply Chain Siege: 84 TanStack Packages Compromised to Steal GitHub Secrets

Malicious Packagist Themes Target Vietnamese OphimCMS Sites with Trojanized JS

• Malware

Malicious Packagist Themes Target Vietnamese OphimCMS Sites with Trojanized JS

Ddos March 17, 2026 0

Cybersecurity investigators at Socket’s Threat Research Team have sounded the alarm after discovering a cluster of malicious...

Read More Read more about Malicious Packagist Themes Target Vietnamese OphimCMS Sites with Trojanized JS

Malicious “Hex Visualizer” Chrome Extension Targeting imToken Users

• Cybercriminals

Malicious “Hex Visualizer” Chrome Extension Targeting imToken Users

Ddos March 10, 2026 0

In a sophisticated blend of deceptive branding and technical trickery, Socket’s Threat Research Team has uncovered a...

Read More Read more about Malicious “Hex Visualizer” Chrome Extension Targeting imToken Users

Malicious PHP Packages Found Hidden in Laravel Ecosystem

• Malware

Malicious PHP Packages Found Hidden in Laravel Ecosystem

Ddos March 6, 2026 0

Socket’s Threat Research Team has uncovered a sophisticated supply chain attack targeting PHP developers through Packagist, the...

Read More Read more about Malicious PHP Packages Found Hidden in Laravel Ecosystem

Malicious NuGet Packages Weaponize ASP.NET Identity for Production Backdoors

• Malware

Malicious NuGet Packages Weaponize ASP.NET Identity for Production Backdoors

Ddos February 25, 2026 0

Developers themselves are increasingly the primary target for cybercriminals, a new supply chain attack has been uncovered...

Read More Read more about Malicious NuGet Packages Weaponize ASP.NET Identity for Production Backdoors

“CL Suite” Deception: Malicious Chrome Extension Steals 2FA Secrets and Meta Business Data

• Malware

“CL Suite” Deception: Malicious Chrome Extension Steals 2FA Secrets and Meta Business Data

Ddos February 17, 2026 0

A malicious Google Chrome extension posing as a productivity tool for Meta Business Suite has been caught...

Read More Read more about “CL Suite” Deception: Malicious Chrome Extension Steals 2FA Secrets and Meta Business Data

“SymPy” Imposter: Typosquatting Attack Turns Math Library into Crypto Miner

• Malware

“SymPy” Imposter: Typosquatting Attack Turns Math Library into Crypto Miner

Ddos January 23, 2026 0

A deceptive new supply chain attack has been uncovered in the Python ecosystem, where a malicious package...

Read More Read more about “SymPy” Imposter: Typosquatting Attack Turns Math Library into Crypto Miner

Fake Productivity Tools: 5 Malicious Chrome Extensions Hijack Enterprise Sessions

• Malware

Fake Productivity Tools: 5 Malicious Chrome Extensions Hijack Enterprise Sessions

Ddos January 19, 2026 0

A new and sophisticated campaign targeting enterprise environments has been uncovered by Socket’s Threat Research Team. Five...

Read More Read more about Fake Productivity Tools: 5 Malicious Chrome Extensions Hijack Enterprise Sessions

Malicious Chrome Extension Drains Crypto via Secret API Keys

• Malware

Malicious Chrome Extension Drains Crypto via Secret API Keys

Ddos January 14, 2026 0

A seemingly helpful tool for cryptocurrency traders has been exposed as a sophisticated wallet-draining trap. Socket’s Threat...

Read More Read more about Malicious Chrome Extension Drains Crypto via Secret API Keys