Ahmad Nassri
@ahmadnassri.com
750 followers 42 following 12 posts
Syrian-Canadian 🇸🇾🇨🇦, Fractional CTO, Developer Accelerator. past: npm, Telus, Kong, CBC, BlackBerry
ahmadnassri.com
→ 175 malicious packages
→ 135+ targeted organizations
→ 26,800+ downloads
→ Fully automated victim generation
→ Pre-filled credential forms
→ Complete PyInstaller toolkit included

Technical deep-dive with full IOCs: 👉 socket.dev/blog/175-mal...
175 Malicious npm Packages Host Phishing Infrastructure Targ...
175 malicious npm packages (26k+ downloads) used unpkg CDN to host redirect scripts for a credential-phishing campaign targeting 135+ organizations wo...
socket.dev
ahmadnassri.com
AppSec is not just protecting your product/business, it's about protecting everyone!

These packages do nothing malicious to developers/products they infect. Instead, they are targeting web visitors of the infected apps, with the ultimate goal of mass credential harvesting.
ahmadnassri.com
Supply chain attacks are evolving and so should your security practices.

case-in-point: Beamglea - a campaign that turns npm 💔 into a phishing-as-a-service platform

This isn't your typical supply chain attack. It's infrastructure weaponization.

socket.dev/blog/175-mal...
ahmadnassri.com
Happy to share I'm getting back to my roots in open source, this time around on the side of protecting software development!

If you haven't yet, you should install @socket.dev for your team!
Reposted by Ahmad Nassri
socket.dev
Socket @socket.dev · Jul 18
🚨 npm phishing alert!
Attackers are sending emails from spoofed [email protected] addresses linking to a typosquatted clone site (npnjs.com) to steal credentials. This attack is designed to hijack npm accounts. Careful with those email links: socket.dev/blog/npm-phi... #nodejs #JavaScript
ahmadnassri.com
get some perspective.

2 million people, surrounded by walls and the sea, under a 17+ year blockade.

what if it was in your city?

#GazaAttack #Gaza #GazaEverywhere

ahmadnassri.github.io/gaza-everywh...
ahmadnassri.com
what's with the recent explosion of PMP certification spam on LinkedIn ????
ahmadnassri.com
I'm starting to document some of my fundamental learnings in this industry in writing ... took a first stab at some of it in a guest post at Unified's blog (disclaimer: I'm an advisor)

next post will be about TCO & MVP architecture needs for startups
Ask a CTO - Building your technology investment strategy
August 10, 2023
unified.to
ahmadnassri.com
note: those existed in non-fractional roles as well, but I saw those as my ownership to fix / address, and for the most part, I managed to resolve ~80% of the time
ahmadnassri.com
the staggering amount of over-engineering, horrible leadership, and clueless product owners I've seen after ~3 years of being a Fractional CTO really makes me question this entire career / industry...

if I had to do it all over again, I'd probably go into banking or law ...
ahmadnassri.com
dev++ 🧠: write a custom TF module to group & manage domains with a yaml data source that shares reusable configs
ahmadnassri.com
normal 🧠: need to update a single DNS record for my domain

dev 🧠: now is the right time to migrate 50+ domains from Google Domains to CloudFlare AND do a full Terraform automation pipeline on GH Actions to manage them all!