Philipp Burckhardt @burckhap
⚡Securing Software Supply Chains at @SocketSecurity (https://t.co/rjmrp0fCL0) 🔭 Scientific computing for the web via @stdlibjs (https://t.co/nJc4oxoUlD) philipp-burckhardt.com Pittsburgh, PA Joined October 2010
Tweets 7K · Followers 2K · Following 2K · Likes 5K
More details on our blog, including recommended actions for defenders against yet another supply chain attack on the npm open-source ecosystem: socket.dev/blog/namastex-…
Today, Socket detected malicious Namastex.ai npm packages that appear to replicate TeamPCP-style Canister Worm patterns, including exfiltration and self-propagation.
We identified 72 malicious Open VSX extensions linked to the GlassWorm campaign, including many cases where the malware is distributed transitively by being delivered via covert extension packs. See below for the link to our full coverage.
We are starting a research internship program at @SocketSecurity We are particularly interested in PhD students who want to apply their research ideas in the broad space of software supply chain security and simultaneously gain industry experience and real-world impact.⬇️
And the malicious Rust crates here socket.dev/blog/two-malic…
Stay vigilant and keep those dependencies scanned! Read more about the QR code attack here: socket.dev/blog/malicious…
While we haven't seen major supply chain attacks hitting any of the major open-source ecosystems, the Socket Threat Research Team uncovered some fascinating and creative attack techniques worth sharing:
Hey, you! Want to protect your dev machine from npm malware without changing your workflow? Try a new tool that transparently isolates npm cli in a docker container. No need to remember to do anything! Early access: github.com/lavamoat/kipuka RT for reach 😉 and help me improve
Direct link to post: blog.stdlib.io/reflection-on-…
On the @stdlibjs blog, we just published my take on @METR_Evals's surprising study: AI tools made experienced developers 19% slower (expectation: 40% faster!)🤯 I dive into the why, where AI coding tools actually help, and how I've shifted from handholding AI to async delegation.
Read more: socket.dev/blog/protestwa…
Undocumented Protestware We found hidden functionality in 28+ npm packages that disables UI for Russian-language users visiting .ru or .by domains. No CVEs. No advisories. No documentation. Just behavior-based disruption quietly copied into packages and shipped to production.
Two major npm supply chain discoveries this week from the Socket Research Team highlight a critical gap in traditional security approaches. Both threats would slip past security tools that rely on vulnerability databases or metadata alone.
@typesfast "The Wealth and Poverty of Nations" by David Landes.
These packages, disguised as "the cheapest Cursor API," install backdoors that steal credentials and modify crucial files. In total, sw-cur, sw-cur1, and aiide-cur have been downloaded 3,200+ times before discovery. Read more on the Socket blog: socket.dev/blog/malicious…
🚨 With vibe coding being on everyone's minds and AI code generation seemingly becoming ubiquitous, it is not surprising that this also attracts malicious actors. Kirill Boychenko just uncovered three malicious npm packages targeting Cursor users on macOS.
Over the last few months, I have been picking up Cursor again after finding it not substantially improving my productivity when I tried it last year. It, and the LLMs powering AI code completions, have gotten so much better that I now really enjoy its agent workflow.
Evan Kirstel #B2B #Te... @EvanKirstel
378K Followers 311K Following TV host, Podcaster, Tech influencer, content creator, Industry Expert w/600K followers, focus on #Enterprise 💻 #Cloud ☁️#5G 📡#AI 🤖#Telecom ☎️ 🔑 #Cybersec
Ronald van Loon @Ronald_vanLoon
353K Followers 163K Following Helping AI driven companies generate value•Top10Influencer #AI #BigData #DataScience #IoT #MachineLearning #Analytics #Cloud
Ron Yurko @Stat_Ron
7K Followers 1K Following Assistant Teaching Professor, Director of Carnegie Mellon #SportsAnalytics Center https://t.co/bH22Ka8HwC @CMU_StatDS
Dr. Robin Kiera @stratorob
47K Followers 12K Following #Digitalization #insurtech, #fintech #blockchain #cloud #ai #professional - #speaker #author. In ❤️ with #TikTok at https://t.co/ZSlci4K2jY
Kohei Kurihara - Priv... @kuriharan
66K Followers 44K Following Co-founder @pbdlab, develop data privacy culture and collaborative measures for future data society. Let’s make collaboration for sustainable society together!
Harold Sinnott 📱 @HaroldSinnott
115K Followers 61K Following AI & Intelligent Connectivity Analyst | | 150K+ Global Community | 1.5M+ YouTube Views | #MWC @MWCHub & @CES | Enterprise Impact
Alvin Foo @alvinfoo
162K Followers 12K Following Venture Partner | ex-Google | Decoding AI • Motivational stories on innovation & resilience • Tesla/SpaceX insights 🚀
André Staltz @andrestaltz
25K Followers 289 Following JavaScript and open source guy. Working at @SocketSecurity Previously @manyver_se, SSB, @cyclejs, RxJS
Matteo Collina @matteocollina
57K Followers 4K Following @platformatic Co-Founder & CTO, @nodejs TSC Chair, Lead maintainer @fastifyjs, Board @OpenJSF, Conference Speaker, Ph.D. Past: @nearform. Views are my own.
ipfconline @ipfconline1
140K Followers 106K Following Digital Transformation Consulting #AI #MachineLearning #DeepLearning #DataScience #AIEthics #EdgeComputing #Fintech #DigitalMarketing
James Gingerich #B2B ... @jamesvgingerich
159K Followers 118K Following #SocialMedia #Selling #B2B #Sales #Consulting #DigitalTransformation #Technology #History #FutureOfWork #Manufacturing #Robotics #Automation
Kirk @KirkDerpca
228 Followers 217 Following Kirk from https://t.co/yKnARcdLm6 Security Research - We like the internet.
osj @inf0stache
357 Followers 251 Following security engineering | research — malware delivery and how it works
Rami McCarthy @ramimacisabird
5K Followers 905 Following security, for the internet, at @wiz_io! opinionated about security. 🇺🇸 in 🇸🇪 (he/him)
Nancy T @esrakoc05
12 Followers 688 Following Just a colorful girl who feels velvet and dreams fragile futures 🌌
tuckner @tuckner
3K Followers 853 Following Finding bad software extensions at @SocketSecurity (acquired @secureannex). #️⃣ https://t.co/KGANHVF6BP
OneWildSoul @OneWildSoul1
18 Followers 981 Following
Hemang Choudhary @codeinlive
15 Followers 93 Following
@vky🧉 @utso_11
81 Followers 2K Following Obsessed with #computational complexity theory, #chesspunk addict 2130 elo peak, Thinker. #centrist keen on policy making, domestic & geopolitical analysis.
Tracebit @tracebit_com
311 Followers 4K Following The Assume Breach platform that detects intrusions in seconds. Also on https://t.co/T4VNPGjS2O
Daniel B Freely @DanielBFreely
36 Followers 1K Following
Ahmad Nassri @AhmadNassri
4K Followers 317 Following CTO @SocketSecurity past: @npmjs @telusdigital @thekonginc @cbc @blackberry
Partha Das @Parthodasm23
723 Followers 508 Following • Open Source Contributor • Focused on React, Node.js & DSA -- https://t.co/0Ef1j5UTNI
Venkat.devnet.arc @Archuser__
187 Followers 888 Following Blockchain dev | 2x Global hackathon winner | 1x startup |https://t.co/2gcCd1PJYJ |
Divyanshu @DivyanshuVortex
77 Followers 134 Following Free Radical ⚛️ github : https://t.co/IIs3SuUpFD
Alexandros Kapravelos @kapravel
2K Followers 1K Following Head of Research @SocketSecurity Professor @NCState systems and software security 💡
QueryDeck.io (Beta) @QueryDeck_
32 Followers 324 Following Instant GraphQL and REST APIs for any postgreSQL database! Build, deploy and host in seconds. Free and open source
Robert Scoble @Scobleizer
586K Followers 50K Following San Francisco/Silicon Valley AI | Robots, holodecks, BCIs, analysis of new things | Ex-Microsoft, Rackspace, Fast Company | Wrote eight books about the future.
Lillian🌼🤍 @Lillicrisppp
71 Followers 2K Following bookworm with a soft spot for cheeseburgers and late night playlists What are u waiting for? Join my BIO ⬇️⬇️
Leota Karly @KarlyLeota8690
4 Followers 208 Following
EricaJoyce @85QRvL66Y9MtkgA
242 Followers 6K Following Lawyer by day | True crime podcaster by night ⚖️🎙️
ouye @ouye1
2 Followers 72 Following
charmaine @charmaine_klee
8K Followers 4K Following @anthropicai. prev: @valdottown, dev tools @snap 👻, @unitygames labs. 🇨🇦
John Ayo @JohnAyo353392
8 Followers 178 Following
Adam @AdamCySec
112 Followers 496 Following Threat Hunter 🔎 | Team Blue 💙 | Powershell | Python | @cisaCatalogBot Creator
Druiurau @Druiurau4848
30 Followers 1K Following
0nix @0xNixi
2 Followers 108 Following
Aditya Rawat @adityawilltweet
3 Followers 19 Following This is Aditya Rawat, interested in things of the web,
kushagra @kushagras_22
59 Followers 161 Following building scalable web applications and decentralized platforms
Gagan @daammmmmitsme
744 Followers 2K Following 🚀 | Passionate about coding, design, and building for the web 💻 | 🧑💻 Always learning and creating | 2x Founding Engineer | Building https://t.co/NX3ZJf7aqB
Neaners @Neanersut5U
32 Followers 4K Following
Gaurav Jadhav @G4URAV_01
0 Followers 33 Following
Rishav Tarway @RishavTarway
15 Followers 571 Following
bess @bessx_
85 Followers 4K Following
DarkGL @darkgl_
83 Followers 616 Following I do stuff and I like to make javascript/go/rust fast https://t.co/pcmG2YD8ss
vaderboi @jacob16432249
91 Followers 113 Following I have a worthless degree in applied physics, instead of womens/negro/lesbian dance therapy studies.
Mauro Eldritch 🏴... @MauroEldritch
11K Followers 745 Following 💉 Hacker & Speaker 🏴☠️ Founder @DC54111 & @BirminghamCyber 🖤 Threat Intel, Fabergé, Eastern Europe, Gothic Rock 🐰 "But first, they must catch you".
Aodhan Hamilton @mvaodhan
1K Followers 3K Following JavaScript / NextJS / Node enthusiast. Building solutions and learning new technologies. Freelance developer and assistant, always looking to improve my skills.
K.B., PhD @K_Bonson
182 Followers 422 Following Science & Tech Professional | 🇯🇵🇨🇦🇺🇸 | Pibble mom | Musician wife | She/Her | Now over where the sky is blue.
Evan Kirstel #B2B #Te... @EvanKirstel
378K Followers 311K Following TV host, Podcaster, Tech influencer, content creator, Industry Expert w/600K followers, focus on #Enterprise 💻 #Cloud ☁️#5G 📡#AI 🤖#Telecom ☎️ 🔑 #Cybersec
Kent C. Dodds 🏹 @kentcdodds
320K Followers 451 Following Husband, 6x Dad, Latter-day Saint, Dev, Educator 🏹 https://t.co/bGlNcdW2iJ ⚡️ https://t.co/X8fNGbdL2y 🌌 https://t.co/pPQmnZS6rR 🚀 https://t.co/NYn5aJVGve 🏆 https://t.co/U5KafpJTZp
Ronald van Loon @Ronald_vanLoon
353K Followers 163K Following Helping AI driven companies generate value•Top10Influencer #AI #BigData #DataScience #IoT #MachineLearning #Analytics #Cloud
BrendanEich @BrendanEich
204K Followers 2K Following Co-founder & CEO @Brave Software (https://t.co/NV4bmd6vxq) and @attentiontoken (https://t.co/XhGIrdBJWu). Co-founded Mozilla & Firefox. Created JavaScript.
Sarah Drasner @sarah_edo
297K Followers 3K Following Opinions my own Area Tech Lead, AI and Web Ecosystem @chrome, Formerly Sr. Director of Core Infra @google • O'Reilly Author • https://t.co/HhzYWwxYAH
Ron Yurko @Stat_Ron
7K Followers 1K Following Assistant Teaching Professor, Director of Carnegie Mellon #SportsAnalytics Center https://t.co/bH22Ka8HwC @CMU_StatDS
Adam Wathan @adamwathan
292K Followers 822 Following Markdown engineer. Creator of @tailwindcss. Listener of Slayer. Austin 3:16.
Dr. Robin Kiera @stratorob
47K Followers 12K Following #Digitalization #insurtech, #fintech #blockchain #cloud #ai #professional - #speaker #author. In ❤️ with #TikTok at https://t.co/ZSlci4K2jY
Jason Miller 🦊⚛ @_developit
63K Followers 2K Following Platform DX @Shopify. Created @preactjs. Do more with less. https://t.co/z1d6J24DlE @[email protected]
Chris Heilmann codepo... @codepo8
66K Followers 2K Following The robots are coming and we need to make a great example for them. Author, presenter, A11y lover, Online teacher at Skillshare and LinkedIn Learning
mrdoob @mrdoob
87K Followers 774 Following Award losing non creative junior vibe coder. May or may not have something to do with @threejs.
Dr Kareem Carr @kareem_carr
174K Followers 326 Following Statistician. Writer. PhD@Harvard. Thinking about scientific evidence, judgment, and modern life
Carnegie Mellon Unive... @CarnegieMellon
83K Followers 2K Following United by curiosity and driven by passion, we reach across disciplines, forge new ground and deploy our expertise to make real change that benefits humankind.
Carlos E. Perez @IntuitMachine
62K Followers 5K Following Quaternion Process Theory, Artificial (Intuition, Fluency, Empathy), Patterns for (Gen, LRM, Agentic, Skill) AI, https://t.co/fhXw0zk5MX
Jessie Frazelle @jessfraz
132K Followers 257 Following CEO @zoodotdev, 👩🏻💻 @oxidecomputer, 📝 @ACMQueue
Kohei Kurihara - Priv... @kuriharan
66K Followers 44K Following Co-founder @pbdlab, develop data privacy culture and collaborative measures for future data society. Let’s make collaboration for sustainable society together!
Quincy Larson @ossia
296K Followers 856 Following Founder @freecodecamp. 🏕️ Teach yourself math, programming, and computer science for free. A 501(c)(3) public charity.
Harold Sinnott 📱 @HaroldSinnott
115K Followers 61K Following AI & Intelligent Connectivity Analyst | | 150K+ Global Community | 1.5M+ YouTube Views | #MWC @MWCHub & @CES | Enterprise Impact
Alvin Foo @alvinfoo
162K Followers 12K Following Venture Partner | ex-Google | Decoding AI • Motivational stories on innovation & resilience • Tesla/SpaceX insights 🚀
André Staltz @andrestaltz
25K Followers 289 Following JavaScript and open source guy. Working at @SocketSecurity Previously @manyver_se, SSB, @cyclejs, RxJS
Kirk @KirkDerpca
228 Followers 217 Following Kirk from https://t.co/yKnARcdLm6 Security Research - We like the internet.
osj @inf0stache
357 Followers 251 Following security engineering | research — malware delivery and how it works
Bryan Cantrill @bcantrill
51K Followers 4K Following Co-founder and CTO of @oxidecomputer. According to @fieldofschemes, "tech exec and Oakland A's fan" -- but more of a Ballers fan now. @bcantrill.bsky.social
Rami McCarthy @ramimacisabird
5K Followers 905 Following security, for the internet, at @wiz_io! opinionated about security. 🇺🇸 in 🇸🇪 (he/him)
Adnan Khan @adnanthekhan
4K Followers 255 Following Security Engineer | Part Time Security Researcher | Build Pipeline Menace | All thoughts and opinions are my own | 🍉
Ahmad Nassri @AhmadNassri
4K Followers 317 Following CTO @SocketSecurity past: @npmjs @telusdigital @thekonginc @cbc @blackberry
Vicente Fox Mulder @WASPmexicano
8K Followers 895 Following The dumb ass speaking with a man’s voice forbad the madness of the prophet.
Saxon Magnate @mars_monkey17
356 Followers 696 Following Ave Christus Rex. Henry Ford appreciator. Protestant. Death to God's enemies. Reposts are full-throated endorsements.
Alexandros Kapravelos @kapravel
2K Followers 1K Following Head of Research @SocketSecurity Professor @NCState systems and software security 💡
Zach Tratar @zachtratar
19K Followers 4K Following AI @ Notion. Former: Embra (acquired), Stripe, Jobstart (acquired) & UIUC ECE. Angel Investor. Centrist. No one's 100% wrong.
Robert Balicki (👀 ... @StatisticsFTW
2K Followers 1K Following @isographlabs framework author. Currently @Pinterest. Ex-React Data Team @Facebook. Co-organizer of #RustNYC. I like Rust, Relay, stats, GraphQL, React, JS
Jared Palmer @jaredpalmer
103K Followers 2K Following VP Engineering @XBOX Prev: VP CoreAI @Microsoft. VP of AI @Vercel. Creator of @v0 and @aisdk. Founder of @Turborepo (acquired by Vercel)
David Petrou @dpetrou
4K Followers 1K Following Founder & CEO @ContinuaAI | ex-Google Distinguished Software Engineer | Building https://t.co/aPhJd9xofD: Solve coding to solve everything.
Jonathan Leitschuh - ... @JLLeitschuh
4K Followers 612 Following Inaugural Dan Kaminsky Fellow | Security Researcher for the OSS Ecosystem | Speaker | Dropper of 0days (Responsibly) | @GitHub Star ⭐️ | Opinions=Mine | He/Him
Naugtur 💔🇺🇦 @naugtur
1K Followers 374 Following Working on LavaMoat - supply chain security for JS. meet.js Poland organizer. Node.js user since v0.8. Addicted to teaching.
Norm Matloff 你有... @matloff
6K Followers 2K Following CS (frmr Stat) em. prof. Awarded #rstats author. Teach., pub. service awards. Frmr Ed-in-Chief, R Journ. LA native, 1st-gen college. Views mine.
Sam Feldman @sam_feldman_
5K Followers 1K Following Remember birthdays simply, via a text message – @birthdays_app_ // Real science, simplified by ai – @openscience_ink
Aaron Meurer @asmeurer
2K Followers 751 Following Posting about AI, Python, @SymPy, and other nonsense.
Mauro Eldritch 🏴... @MauroEldritch
11K Followers 745 Following 💉 Hacker & Speaker 🏴☠️ Founder @DC54111 & @BirminghamCyber 🖤 Threat Intel, Fabergé, Eastern Europe, Gothic Rock 🐰 "But first, they must catch you".
Jaana Dogan ヤナ ... @rakyll
167K Followers 1K Following Software Engineer at Google. Simpler platform, better APIs. Simplicity and optimism. Personal opinions.
Karri Saarinen @karrisaarinen
89K Followers 1K Following ceo of @linear 🇫🇮🇺🇸 previously: @coinbase @airbnb, YC alumni
Chris Wysopal @WeldPond
55K Followers 1K Following Hacker. Co-founder/CTO Veracode. Former L0pht security researcher. GenAI Auto-repair of vulns is the future @weld.bsky.social @[email protected]
Armin Ronacher ⇌ @mitsuhiko
80K Followers 898 Following Creator of Flask. Building at https://t.co/uGuzfu0LKT. Bypassing Permissions. Can hand crank. Husband and father of 3 — “more nuanced in person”
Mark Kretschmann @mark_k
44K Followers 665 Following AI & Software Engineering | Practical insights on AI, code, fitness & e/acc • Accelerating the future
Shreyas Doshi @shreyas
346K Followers 1K Following Led a couple of Stripe's most successful products from early days. Prev Twitter, Google, Yahoo. Now advising & teaching. Tweets useful for some—not for everyone
Zero-knowledge Audiov... @ZkAv_Club
1K Followers 1K Following Privacy-first audiovisual (AV) collective for open-source & decentralized tech communities. We train, co-create & run AV support at community events.
Hao He @HaoHe93102943
51 Followers 94 Following Ph.D. student in Software Engineering at Carnegie Mellon University.
John Hiesey @jhiesey
139 Followers 75 Following
Morgante @morgantepell
3K Followers 4K Following Building @cognition. Founded @gritdotio (acquired by @honeycombio), @google
Snehil Shah @SnehilShah
16 Followers 169 Following
John McBride @johncodes
7K Followers 952 Following 🌊 | Co-founder, CTO @papercompute | 🎤 Hosting @opensourceready | 🐹 maintaining spf13/cobra
Frank Rundatz @FrankRundatz
2K Followers 1K Following FinTech. AI. AWS. InfoSec. Assembly, C, C++, C#, Python. Passed Level 1 CFA test. MAME, Commodore 64.
David Cramer @zeeg
32K Followers 753 Following fractional executive, full time founder @sentry https://t.co/quHCKoIxj2
Frank Kovacs @StatKovacs
98 Followers 272 Following Senior Software Engineer @ Disney Streaming. 2x CMU Stats alum. R evangelist, nodeJS hacker, Python tamer. Views are my own.