Olivia
Online
Annex Security (acq by Socket)
@secureannex
Discover what is hiding in your software extensions. Acquired by @SocketSecurity
Joined July 2024
5 Following
291 Followers
82 Posts
On a mission to secure the developer endpoint as more people become developers 💪
Today is a big day for @SocketSecurity. We just raised a $60M Series C at a $1B valuation, led by @ThriveCapital with participation from @a16z, @AbstractVC, and @CapitalOne Ventures. Total funding is now $125M.
Four years ago, we started Socket because open source dependencies were flowing into production faster than anyone could vet them. AI has massively accelerated that. Code is being written, shipped, and deployed before any human reads it. Security has to operate at that same speed.
One data point from Thrive's diligence that I keep coming back to: they first discovered Socket because @cursor_ai, @OpenAI, and @AnthropicAI all independently told them it was the most important security tool they'd adopted for AI-driven development. Three of the most sophisticated AI companies converging on the same vendor unprompted.
Since our Series B, Socket has grown to more than 20,000 organizations, protecting over 1.5 million repositories and blocking more than 1,000 supply chain attacks every week. The team is now over 100 people.
Three out of five FAANG companies are Socket customers. So are the companies building the most ambitious AI products: @AnthropicAI, @cursor_ai, @xai, @figma, @vercel, @Replit, @scale_AI, @GustoHQ, @Mercadolibre, and @cribl_io, alongside Fortune 100s in financial services and global media.
What we've shipped since the last round:
• Socket Firewall blocks malicious packages at install time, before they reach a developer's laptop or CI pipeline. Free for everyone.
• Reachability analysis via our acquisition of Coana, eliminating 50-80% of irrelevant vulnerability alerts by focusing only on CVEs that are actually exploitable.
• Socket Certified Patches for remediating exploitable CVEs in seconds without waiting on upstream maintainers.
• Coverage extending to browser extensions, editor extensions, MCP servers, and AI tools via our acquisition of @secureannex.
When the Axios compromise hit, our detection systems flagged the malicious dependency within six minutes. Within 24 hours, more than 2,000 organizations onboarded to Socket to block it.
Where the funding goes: deeper investment in Firewall, massively expanding Certified Patches, moving protection closer to every point of install across the developer toolchain, and new product launches pushing Socket into a category we haven't entered before.
We're hiring across engineering, sales, customer success, and threat intel.
❤️ Thank you to our customers, investors, and the open-source community for your support. Together, we’re making software safer for everyone.
🤯🤯🤯🤯
🚨 BREAKING: Socket is investigating an active npm supply chain attack compromising hundreds of packages in the @antv ecosystem.
The malicious publish wave appears tied to Mini Shai-Hulud and packages connected to the npm maintainer account atool.
Today we're announcing that @secureannex
has been acquired by @SocketSecurity! Supply chain security is a deceptively wide problem from open source code to browser extensions. Developers and IT teams can't stop it from impacting their organization alone.
https://t.co/YOCUuIVvql
Chrome extensions are so incredibly unsafe
Malware criminals find popular ones, pay the owners of the extension lots of money, they add malware to the code and millions of people get infected
Then they take your cookies, localStorage, anything they can access
Which is why in locked down advanced security devices you can't even install Chrome extensions
I mostly run uBlock Origin, but have some others that I'll just vibecode now to stay safe
HEADS UP. Popular JSON formatter extension has started injecting geolocation tracking and donation UI into websites
Reddit thread seems to think they are also swapping tracking IDs for affiliates (a-la honey)
Uninstall and switch to another one
@wesbos "Mom, how did we get so rich?"
"Your dad created an open source chrome extension then rug pulled everyone and injected malicious code, sold everyone's data and received affiliate money for every purchase they made online"
That extension that looks fine?
Attackers use this one simple trick to slip malware into your marchine.
Code extensions can declare an 'extensionPack' in their package.json to install other 'supporting' extensions.
I detected a suspicious Python extension published today that installs another extension called my-command-pallete which was published 2 days ago.
A Chrome extension with 7,000 users and a Google Featured badge was recently sold, weaponized, and pushed a malicious update to that executed code through a hidden pixel. Here's how it worked 👇
🧨 New CrashFix techniques found in browser extensions.
"Pixel Shield" — a fully functional ad blocker (4.7 stars, 561 users) because it is a uBlock Origin clone.
Hidden inside: a "Promise Bomb" that creates 10 MILLION unresolvable promises to crash your browser on command.
This report contains 287 browser extensions tracking 37 million+ users. These were identified using methodology of sandboxing extensions, automatically browsing to URLs, and measuring a data ratio transferred. Real companies, fake services, well established, it's a mixed bag.
The next supply chain worm has been seeded in Open VSX. A cloned Angular extension with 5000 downloads has been available for two weeks and was updated with malware 6 days ago. This multi stage attack uses etherhiding, gcal c2, rust implants, and more.
https://t.co/16ODlYiOsn
Needless to say. If you aren’t using https://t.co/mS3nqZ5ePC wyd????
RT @tuckner: Great work by the Obsidian Security team exfiltrating ChatGPT API keys to Telegram. I heard there's more to come!
https://t.c…
Think browser extensions are just PUPs? Here are the real impacts.
Fake browser crash → fake extension → real RAT.
KongTuke's “CrashFix” tricks users into installing a malicious Chrome extension.
Domain-joined victims hit with ModeloRAT—a Python backdoor with persistence and C2.
@RussianPanda9xx @wbmmfq @Curity4201 - https://t.co/DM02WvCb8l
I also used @secureannex and @IceSolst's @CRXaminer when I was analyzing it originally. Both very helpful tools!
https://t.co/h5q9RNJ6v8
https://t.co/ESk7o3xqQ7
A browser extension with over a million users is poaching the prompts of leading AI chat tools.
SimilarWeb loads obfuscated remote configuration to collect the prompts, responses and metadata of your conversations. Your private thoughts are analytics companies gain.
https://t.co/UDX2qsU0wS
We’ve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only. Users with Browser Extension 2.68 should disable and upgrade to 2.69.
Please refer to the official Chrome Webstore link here: https://t.co/wsCyuxdLD9
Please note: Mobile-only users and all other browser extension versions are not impacted.
We understand how concerning this is and our team is actively working on the issue.
We’ll keep sharing updates as soon as possible.
Glassworm malware returns in third wave of malicious VS Code packages - @billtoulas
https://t.co/iX1W4GaQdm
https://t.co/iX1W4GaQdm
Glassworm's resurgence | by @secureannex @tuckner
"we've identified and tracked an unprecedented 23 extensions which copy other popular extensions, update after publishing with malware, manipulate download counts, and use KNOWN attack signatures which have been in use for months"
https://t.co/ur8kzHXTaS
Glassworm returned in a big way during the holiday. We're tracking 23 code extensions across the VS Marketplace and Open VSX which copy popular extensions, evade filters, manipulate their download counts, and then update with sinister malware.
https://t.co/XcwNyE5Pas
Last Seen Users on Sotwe
Little Baby Jade 🍼
Seen from Korea
JKOD. (J&K_OUTDooR)
Seen from Turkey
frenchgaymer2 
Seen from Algeria
SEO249.COM
Seen from United States
Ifsahane
Seen from Turkey
Cari selingkuhan
Seen from Indonesia
فحل صغير١6
Seen from Netherlands
Northern Hookups
Monotirou
Seen from Malaysia
จอมโจร จอมยุทธ
Seen from Thailand
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.7M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.3M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers