BREAKING
8h agoAmazon Earnings, Trainium and Commodity Markets, Additional Amazon Notes///8h agoWomen sue the men who used their Instagram feed to create AI porn influencers///8h agoFast16 Malware///8h agoAmazon Earnings, Trainium and Commodity Markets, Additional Amazon Notes///8h agoWomen sue the men who used their Instagram feed to create AI porn influencers///8h agoFast16 Malware///
BACK TO GLOSSARY
ORGCompaniesSafety

Socket

4 mentions across all digests

Socket is a security company that detects and reports supply chain attacks in npm and other package ecosystems.

/// Stats
First Seen2026-03-25
Last Seen2026-04-23
Total Mentions4
Subject Mentions1
Last 7 Days0
Sources3
Peak Relevance5/5
Active Predictions0
/// Recent Stories
2026-04-23HIGH

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI's npm package was poisoned through a compromised GitHub Action in a supply chain attack affecting 10M+ users, with the malicious code sharing infrastructure with other Checkmarx campaign tools.

2026-04-22HIGH

Another npm supply chain worm is tearing through dev environments

A self-propagating npm worm is harvesting developer credentials from Namastex Labs packages, echoing tactics from the TeamPCP-attributed CanisterWorm campaign.

2026-04-01HIGH

Supply Chain Attack on Axios

Attackers published malicious Axios versions (100M weekly downloads) outside the official GitHub workflow, deploying a RAT capable of remote code execution and data exfiltration.

2026-03-24HIGH

Trivy under attack again: Widespread GitHub Actions tag compromise secrets

Supply chain attack compromised 75 of 76 Trivy-action GitHub Actions tags, injecting an infostealer payload into a widely-used CI/CD security scanning tool relied on by 10,000+ workflows.

/// Connected Entities
PRDNPM
2 shared
PRDGitHub Actions
2 shared
ORGTeamPCP
2 shared