Socket Blog
ID: c8d4bcaa-de7c-5bea-9992-5fcc84e2349e
STIX ID: identity--c8d4bcaa-de7c-5bea-9992-5fcc84e2349e
Feed Type: atom
Earliest post: 2026-05-31
Latest post: 2026-06-13
Socket fights vulnerabilities and provides visibility, defense-in-depth, and proactive supply chain protection for JavaScript, Python, and Go dependencies.
All
01/01/2020
06/13/2026
| Title | Date Published ↓ | Describes Incident | Author | Visible | |||
|---|---|---|---|---|---|---|---|
 | 152 Chrome Live Wallpaper Extensions Hid Ad Tracking and Faked Google Search Traffic | 2026-06-12 | True | Kush Pandya | True | ||
| npm Tooling Bug Incorrectly Marks One-Character Packages as Security Holders | 2026-06-09 | True | Sarah Gooding | True | ||
| Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers via Malicious PyPI Wheels | 2026-06-08 | True | Kirill Boychenko | True | ||
| Shai-Hulud Descends to Hades: Miasma Worm Campaign Spreads with New PyPI Wave | 2026-06-07 | True | Socket Research Team | True | ||
| pnpm 11.5 Adds Support for Recognizing npm Staged Publishes | 2026-06-04 | True | Sarah Gooding | True | ||
| Mini Shai-Hulud Campaign Hits Red Hat Cloud Services npm Packages | 2026-06-01 | True | Socket Research Team | True | ||
| Famous Chollima Targets PHP Developers Through Compromised Packagist Package | 2026-05-31 | True | Kirill Boychenko | True |