Socket (@socketsecurity)'s Twitter Profile
Socket

@socketsecurity

Socket is the #1 software supply chain security platform. Next-gen SCA + SBOM + 0-day prevention. LOVED BY DEVELOPERS. 👀 @npm_malware

ID: 1458247940640690176

https://socket.dev | 10-11-2021 01:42:48

1,1K Tweet

4,4K Followers

4,4K Following

780th Military Intelligence Brigade (Cyber) (@780thc)

The Socket Threat Research Team has uncovered an extended and ongoing North Korean supply chain attack that hides behind typosquatted npm packages. socket.dev/blog/north-kor… Socket

lazarusholic (@lazarusholic)

"Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages" published by Socket. #BeaverTail, #ContagiousInterview, #HexEval, #NPM, #DPRK, #CTI socket.dev/blog/north-kor…

BleepingComputer (@bleepincomputer)

New wave of ‘fake interviews’ use 35 npm packages to spread malware - Bill Toulas bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

Socket (@socketsecurity)

Over the weekend, Node.js quietly added a homepage button linking to paid third-party support for EOL versions. This controversial move sparked pushback and now the TSC is weighing next steps. Full story → socket.dev/blog/node-js-h… #NodeJS

Socket (@socketsecurity)

🪇🎉 ECMAScript 2025 is official! Iterator Helpers, Set methods, JSON Modules, Promise.try, and more have landed in the spec. See what's new → socket.dev/blog/ecmascrip…

Socket (@socketsecurity)

🤖 AI slop is flooding open source bug bounty programs. Now curl and Django are fighting back. Both have published new policies to curb slop security reports. Full story → socket.dev/blog/django-jo… #OpenSource

Socket (@socketsecurity)

Check out our case study to learn how Render partnered with Socket to: ⚡️ Automate appsec with zero dev friction ⚡️ Empower devs with high-confidence GitHub PR alerts ⚡️ Simplify license reviews and compliance ⚡️ Scale security without adding overhead socket.dev/case-study/ren…

Socket (@socketsecurity)

🏘️ "Potemkin Understanding" - a failure mode where LLMs appear to grasp a concept but only create the illusion of understanding. New research shows models get definitions right 94% of the time but fail to use those same concepts 40-55% of the time. → socket.dev/blog/potemkins…

Feross (@feross)

LLMs appear to understand concepts... but can’t apply them. They ace the test, then flunk the follow-up. They’re not “hallucinating” -- they’re faking understanding. New research from Harvard, MIT & UChicago argues that this isn’t intelligence. It’s a convincing facade.

Socket (@socketsecurity)

The official Go SDK for the Model Context Protocol (MCP) is now in development, with a stable release expected by August. socket.dev/blog/official-… #Golang

Feross (@feross)

🚨 Big news: Socket is now officially a member of Ecma International! Why this matters: We’re already active in TC54 (the SBOM working group), and this membership gives us a stronger voice in shaping global standards around software supply chain security. This is a key

Socket (@socketsecurity)

🎉 We’re already contributing to @CycloneDX and PURL through TC54, now with an official seat at Ecma International. Excited to keep pushing SBOM standards forward! ecma-international.org/news/ecma-inte…

Socket (@socketsecurity)

🚨 New Research: We found 8 more malicious #Firefox extensions. From fake games to OAuth credential theft and proxy-based spying, browser threats are growing fast. 🧩 Full write-up → socket.dev/blog/8-more-ma…

Socket (@socketsecurity)

🦀 Rust continues to reshape #JavaScript frontend tooling. Browserslist-rs just got a major performance optimization: internal data is now mostly static, cutting over 1MB from WASM builds and lowering memory usage. ✨ Full story → socket.dev/blog/browsersl… h/t Rspack