The Socket Threat Research Team has reported a rise in supply chain attacks in which attackers exploit open source software libraries to deliver damaging payloads. Ecosystems such as npm, PyPI, Go Modules, Maven Central, and RubyGems are prime targets. Techniques include "typosquatting", where package names nearly identical to those of popular libraries are registered, and abuse of repositories and package caching. Socket emphasises the need for vigilance and robust security controls to protect these ecosystems.

VMware ESXi, Firefox, Red Hat Linux & SharePoint 0-Day Vulnerabilities Exploited
During Pwn2Own Berlin 2025, researchers exposed critical zero-day vulnerabilities in major platforms like VMware ESXi and Microsoft SharePoint, earning $435,000 in bounties. Notably, Nguyen Hoang