Socket Security (socket.dev blog)
socket-dev-blog · HIGH · active
Primary disclosure outlet for supply-chain security findings (TeamPCP/Mini Shai-Hulud, node-ipc, GemStuffer). Multiple in-window primaries in W21 run. Proposed by W1 sub-agent. | 2026-05-26: contributed TrapDoor + Packagist supply-chain primaries (S1, S3). | 2026-06-20 full audit (v2.62): live=Y, drill=Y. FETCH → webfetch https://socket.dev/blog (listing), then webfetch the per-article socket.dev/blog/<slug> URL for the body (the full technical analysis renders). AVOID: Nothing to avoid — plain WebFetch works on both the listing and the article. The listing mixes product-announcement posts (Socket MCP/Firewall) with the supply-chain research; filter to the package-compromise titles.
Cited in 13 entries
Citation cadence
Citation days per ISO week (8 weeks of coverage span, total 11).
- Research: the trust chain, not the perimeter, was the week's attack surface · 2026-06-29
- npm supply-chain worms — a sustained wave across the week · 2026-06-29
- Looking ahead — 2026-W26 · 2026-06-29
- Miasma / "Mini Shai-Hulud" npm worm runs a new wave across LeoPlatform/RStreams packages · 2026-06-27
- Mastra npm supply-chain compromise (easy-day-js) · 2026-06-18
- Shai-Hulud/Miasma supply-chain worm jumps to PyPI as "Hades" — 37 malicious wheels across 19 packages · 2026-06-10
- "Miasma" worm backdoors 32 Red Hat Cloud Services npm packages via OIDC trusted-publishing abuse · 2026-06-02
- "TrapDoor" cross-ecosystem supply-chain campaign validates stolen tokens before exfil and poisons AI-assistant config files · 2026-05-26
- Mini Shai-Hulud / TrapDoor — the supply-chain worm goes cross-ecosystem, open-source and destructive · 2026-05-25
- Packagist supply-chain wave: Laravel-Lang autoloader backdoor and the cross-ecosystem postinstall strand · 2026-05-24
- node-ipc npm package backdoored via expired-domain account takeover — 90+ credential categories exfiltrated, three malicious versions, ~3-minute window to detection · 2026-05-16
- GemStuffer — RubyGems weaponised as a one-way exfiltration channel scraping UK local-authority ModernGov portals; new abuse pattern targets the asymmetric monitoring gap between package pull and push · 2026-05-14
- node-ipc npm package — backdoored via expired-domain account takeover · 2026-05-11