🚨 Active supply chain attack spanning npm, PyPI, and Crates.io simultaneously. Socket is tracking a campaign we’re calling TrapDoor: 34 malicious packages and 384 versions designed to steal crypto wallets, SSH keys, AWS credentials, GitHub tokens, browser data, and environment variables from developers. We had a median detection time of 5 minutes and 27 seconds. Fastest detection was 58 seconds after publication. The packages target crypto, DeFi, Solana, Sui/Move, and AI developers. Names like crypto-credential-scanner, solidity-deploy-guard, sui-move-build-helper, and prompt-engineering-toolkit are crafted to look like legitimate dev tools. Each ecosystem uses a different execution path: • npm: postinstall hooks run trap-core.js, a 1,149-line credential harvester that validates stolen AWS/GitHub tokens via API calls and attempts SSH-based lateral movement • PyPI: packages auto-execute on import, download JavaScript from an attacker-controlled GitHub Pages domain, and run it via node -e • Crates.io: malicious build.rs scripts search for wallet keystores, XOR-encrypt them, and exfiltrate to GitHub Gists What makes this campaign especially notable: the npm payload plants persistence through .cursorrules and CLAUDE.md files using zero-width Unicode characters, attempting to trick AI coding assistants into running “security scans” that exfiltrate secrets. The attacker also opened PRs against major AI projects (LangChain, LlamaIndex, MetaGPT, OpenHands, browser-use) trying to inject these files into codebases directly. If you work in crypto, DeFi, or AI tooling: audit your lockfiles, check for any of the listed packages, and review your project for unexpected .cursorrules or CLAUDE.md files. Full list of IOCs and affected packages: socket.dev/blog/trapdoor-cry…

A new Mini Shai-Hulud “Hades” variant has infected 23 PyPI package versions, targeting developers with malware designed to steal tokens, keys and cloud credentials, according to @SocketSecurity. #cybersecurity #CISO #infosec bit.ly/3QxsqEQ

Found a way you can still use Mythos after the ban. (Spoiler: what a golden opportunity for fraudsters)

The US government forced Anthropic to pull Claude Fable on Friday night, days after launch. Users spent the week one-shotting code reviews and migrations. Some upgraded specifically for Fable. Now they’re demanding refunds. Government intervention can now reach directly into a commercial AI product and pull it from the market. socket.dev/blog/us-governmen…

🚀

Unprecedented

🧩 New Research: 152 Chrome "live wallpaper" extensions hid ad tracking behind false privacy disclosures and faked Google search traffic to support ad monetization. The network spanned 38 publisher accounts, 3 backend brands, and ~105K installs. socket.dev/blog/152-chrome-l…

Fascinating and clever.

NEW: malware developers added nuclear & biological weapons text to to their spyware. Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner. Cleanest practical example I can think of for why over-indexing on first order safety alignment is risky. When closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit. We are only in the earliest days of attackers leveraging these features, and it wouldn't surprise me if users systems that need to handle complex cybersecurity issues demand that models be less safety-blunted. In the weeds: @SocketSecurity's post also shows why intention matters in how you design a malware analysis pipeline to avoid prompt manipulation. H/T to colleagues that shared this with me socket.dev/blog/mini-shai-hu…

🔥 Socket Firewall is now built into @Replit's AI-powered development experience. It’s already blocking 8K malicious packages/day across builders on the platform, giving Replit users stronger protection by default the moment dependencies are introduced. socket.dev/blog/socket-partn…

Package Firewall is now enabled by default for every builder on Replit as part of Replit Auto-Protect And its already stopping ~8,000 malicious installs per day on Replit Read more at: replit.com/blog/package-fire…

Most people run a security scan for malicious packages before publishing a project But the risk starts the moment they're installed Today we're launching Package Firewall, built in partnership with Socket It blocks malware before it ever reaches your app

Worried about malware, CVEs, slopsquatting, and more? Not on Replit! Thanks to our partnership with @SocketSecurity all Replit builders get the same types of protection that we use internally for our engineering team.

I'm live on @JSJabber to discuss AI security and JavaScript supply chain attacks! youtube.com/watch?v=XW8EBK0O…

it was great partnering with @amasad @stkenned on this, read more about Replit Auto-Protect, and how they are investing in tooling that protects builders by default: replit.com/blog/package-fire…

Please stop this madness.

npm accidentally marked a bunch of one-character packages as security holders, including c, i, n, x, several numbers, and even the - package. The registry confirmed it was a tooling bug and said a rollback is underway. socket.dev/blog/npm-tooling-…

We are now tracking 471 affected artifacts across npm and PyPI in the Mini Shai-Hulud/Miasma/Hades campaign. The newer PyPI artifacts from this wave have been added to the dedicated campaign tracker. Full breakdown: socket.dev/blog/mini-shai-hu…