I joined @SocketSecurity as Sales Engineer, Commercial! Excited to deep dive into software supply chain security and discussions with customers 🎉
I joined Socket as a Sales Engineer! I'm looking forward to talking with customers through technology again 😊
🚨 Mini Shai-Hulud/Miasma has now spread to PyPI.
Socket found 37 malicious artifacts across 19 PyPI packages.
The packages abuse #Python .pth startup behavior to launch a Bun-powered credential stealer targeting developer, cloud, and CI/CD secrets.
https://t.co/tYhmMqvjyw
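A defender-side audit for the .pth startup mechanism named in the post above, added here as an example and not code from Socket or the original posts: it lists every line of a .pth file that site.py would execute at interpreter startup and flags those that reach for decoding or process-spawning APIs. The sample .pth contents and the suspicious-call heuristics are constructed assumptions, not indicators from the campaign.

```python
import re
import site
from pathlib import Path

# site.py executes any .pth line that starts with "import " or "import\t" at
# every interpreter startup, so a package can run code without being imported.
IMPORT_LINE = re.compile(r"^import[ \t]")
# Constructed heuristics, not a signature list: calls that rarely belong in a
# legitimate startup hook such as an editable-install or virtualenv shim.
SUSPICIOUS = re.compile(r"\b(exec|eval|b64decode|subprocess|urlopen|socket|bun)\b")


def classify_pth(text: str) -> list[dict]:
    """Return every startup-executing line of a .pth file, flagged if suspicious."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments are ignored by site.py too
        if IMPORT_LINE.match(stripped):
            findings.append({"line": lineno, "text": stripped,
                             "suspicious": bool(SUSPICIOUS.search(stripped))})
    return findings


def scan_dirs(dirs) -> dict[str, list[dict]]:
    """Map each .pth file found under dirs to its startup-executing lines."""
    report = {}
    for d in dirs:
        for pth in sorted(Path(d).glob("*.pth")):
            findings = classify_pth(pth.read_text(errors="replace"))
            if findings:
                report[str(pth)] = findings
    return report


# Constructed samples: a path-only file, a virtualenv shim, and a hook that
# decodes and executes an embedded payload (placeholder text, never run here).
SAMPLES = {
    "paths.pth": "/opt/app/lib\n/opt/app/vendor\n",
    "shim.pth": "import _virtualenv\n",
    "hook.pth": "import base64; exec(base64.b64decode(b'<PAYLOAD_PLACEHOLDER>'))\n",
}

if __name__ == "__main__":  # audit the running interpreter's site-packages
    dirs = site.getsitepackages() + [site.getusersitepackages()]
    for path, hits in scan_dirs(dirs).items():
        for hit in hits:
            flag = "SUSPICIOUS" if hit["suspicious"] else "review"
            print(f"{flag}: {path}:{hit['line']}: {hit['text']}")
```

Run it inside the virtualenv or CI image you want to check; every "review" line is a legitimate-looking startup hook worth knowing about, and every "SUSPICIOUS" line deserves a look before the next interpreter start.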
RubyGems 4.0.13 adds a cooldown feature to Bundler for newly published gems.
The opt-in setting lets projects delay dependency resolution for new gem versions, reducing exposure during the short window when malicious releases often spread fastest.
https://t.co/c537BrueJj
📦 @pnpmjs 11.5 adds support for recognizing npm staged publishes after staged approval metadata triggered a false downgrade signal.
As npm adds more release paths, registry metadata needs to make it clear how each package version was published.
https://t.co/hNerib86mu
💸 The Department of Commerce has released a sharply critical audit report on NIST’s management of the National Vulnerability Database.
Federal auditors found NIST:
• Had no strategic plan to clear NVD backlog
• Set an unrealistic backlog deadline
• Delayed use of CISA enrichment data
• Failed to prioritize KEVs quickly
• Relied on inefficient enrichment processes
• Eroded trust in the NVD through poor communication
The report also found that NIST and CISA ran overlapping enrichment programs without coordination, sometimes using the same contractor to perform the same work. Auditors identified at least 21,000 duplicated enrichment activities and ~$200K in wasted funds.
https://t.co/TuExuk5iWE
🚨 Active supply chain attack: A mini Shai-Hulud campaign hit npm packages under the @redhat-cloud-services namespace.
The compromised packages execute install-time malware to harvest developer and CI/CD secrets, with encrypted exfiltration and GitHub-based fallback mechanisms.
Rust is moving toward a formal LLM contribution policy after months of heated internal debate, driven by a wave of low-effort "slop PRs" straining maintainers. The proposal bans LLM authorship but allows private use.
https://t.co/ec83y49xCs
Famous Chollima, the North Korean threat group known for fake job interview lures, appears to have used a PHP/Packagist package path in a targeted developer lure.
We found the loader in a compromised Laravel package, on a branch that could be installed through Composer. It was appended after a normal Tailwind config and used TRON, Aptos, and BNB Smart Chain RPC infrastructure to retrieve and run remote JavaScript.
Developers should be careful with “interview task” or “take-home project” requests that ask them to clone a repo, check out a specific branch, or install an exact dev dependency.
New research: A malicious NuGet package impersonating Sicoob’s official SDK exfiltrated client IDs, PFX passwords, and banking certificates through Sentry telemetry.
A fake SDK for stealing API secrets:
https://t.co/zn7Y1TYoWT
Open source maintainers were already overloaded. AI-driven vulnerability discovery is about to send a lot more findings their way.
@feross on @tbpn 👇 https://t.co/bhzqK84LmM #oss
OSV has withdrawn 157 malware reports after automated detections incorrectly flagged npm and PyPI packages as malicious, pushing bad records for trusted projects into OSV-consuming security tools and CI/CD systems.
https://t.co/wKShstdUaD
🚨 ALERT: TrapDoor malware is targeting crypto and AI developers via a supply chain attack, deploying 34 malicious packages to steal wallets, SSH keys, and API keys.
The malware also injects hidden instructions to hijack AI coding assistants including Claude and Cursor.
Can someone please explain to me why we are still waiting until AFTER a package is published and distributed to take action?
Why doesn’t npm scan packages with Socket or similar before allowing them to be distributed?