- What: Socket raises $60 million for open-source security platform
- Impact: Platform aims to prevent supply chain attacks by blocking malicious packages
Socket raises $60 million for its open-source security platform

May 21, 2026, by SC Staff

As detailed in Silicon Angle, cybersecurity startup Socket Inc. has announced a $60 million Series C funding round, valuing the company at $1 billion. The investment, led by Thrive Capital with participation from Andreessen Horowitz and Capital One Ventures, brings Socket's total funding to $125 million.

Package managers, the tools developers use to incorporate open-source components into software, have become a significant target for cyberattacks. Hackers inject malicious code into legitimate open-source projects, compromising developer machines.

Socket's platform aims to prevent these supply chain attacks by blocking malicious packages before they are downloaded. It scans open-source modules for malware, vulnerabilities, and license restrictions, reportedly blocking over 1,000 attacks weekly. The platform allows customization of responses to risky downloads and includes a "Monitor" feature for ongoing oversight of potentially risky components.

Beyond blocking, Socket helps fix existing vulnerabilities with a scanner and a "Reachability" tool that filters non-exploitable issues, reducing false positives by up to 90%. Socket also offers "Certified Patches" to streamline the update process and tools to reduce transitive dependencies, aiming to enhance the security of software development pipelines.

Source: Silicon Angle