19 articles
Trend Micro documented QLNX, a Linux RAT that combines credential harvesting, LD_PRELOAD persistence, PAM backdoors, and rootkit behavior. The real risk is not one infected host - it is the supply chain access behind it.
npm packages no longer publish instantly. GitHub's staged publishing forces a 2FA-gated human approval before any version hits the registry — here's what it means and how to enable it.
GitHub says an employee device was compromised through a poisoned third-party VS Code extension and internal repositories were exfiltrated. Here is the fact-checked breakdown for defenders.
TeamPCP has compromised hundreds of open-source packages and stolen half a million credentials. But their OPSEC is leaking — and someone is already hunting them.
TeamPCP's Shai-Hulud is a TypeScript/Bun C2 framework targeting GitHub Actions CI/CD pipelines — it steals GitHub tokens, exfiltrates via a fake git domain, and has now been open-sourced for anyone to deploy.
How attackers turn GitHub Actions' shared build cache into a supply chain weapon — real cases, attack mechanics, detection logic, and mitigations.
Autonomous AI agents are already inside enterprise environments — and most security teams have no idea what they're doing. Here's what attackers exploit and how to defend against it.
840,000 GhostPoster victims, 3.2M+ in GitLab campaign, 4.3M+ in ShadyPanda—browser vendors removed extensions but never told users. Self-regulation failed.
Your CI/CD pipeline stores production credentials, runs code automatically, and trusts pull requests. Here's how attackers exploit that — and the detection logic to catch them.
65% of Forbes AI 50 companies leaked secrets on GitHub with 94-day median remediation time. Blue team guide to detect, prevent, and respond to repository leaks.
Unicode's invisible characters are being weaponized — hiding malicious code in repositories, hijacking AI agents, and bypassing security reviews without leaving a trace visible to human eyes.
MCP servers let AI assistants control your tools — but most users install them without understanding the attack surface. Here's what attackers already know.
On March 31, 2026, a trusted npm package with 400 million monthly downloads was backdoored for three hours. Here's how it worked and why it keeps happening.
OpenClaw went from 0 to 180,000 GitHub stars in weeks — and then came the RCE, 30,000 exposed instances, and a supply chain attack poisoning its entire skill marketplace.
Python's flexibility is also its attack surface. A practical guide to the security risks that catch developers off guard — from virtual environment isolation and PyPI typosquatting to eval() injection, pickle deserialization, and hardcoded secrets.
Discover which real-world cyberattacks Zero Trust prevents—and which ones it doesn't. Analyzed through 2025-2026 breach data including ransomware campaigns, insider threats, supply chain compromises, and social engineering attacks.
Millions run shared Colab notebooks without reading them. Here's what that actually costs you — from Google Drive exfiltration to OAuth token theft and supply chain attacks.
ZIP archives are a common malware delivery vector. zipguard is a zero-dependency Python CLI that blocks ZipSlip, archive bombs, executable drops, and ZIP64 manipulation before anything hits disk.
Gate is an open-source Python CLI that catches what Trivy and Snyk miss: newly published packages, suspicious install scripts, and maintainer takeovers. Zero dependencies by design.