OUR BLOG
Malicious NPM packages target marked-js library
Two NPM packages masquerading as legitimate JavaScript libraries were published to the NPM registry this week. The packages were published by a user named "kamations" and target the marked-js...
Snyk security researcher deploys malicious NPM packages targeting Cursor.com
Published January 8, 2025 Every morning I get up and check what malicious packages my detector had found the night before. It's like someone checking their fishing nets to see what fish they...
Malicious NPM packages: Baby-electron & baby-electrona
SourceCodeRED identified two malicious packages deployed on NPM today (December 27th, 2024). These packages were deployed by an NPM user named shulkwisec. The two packages are "baby-electron" and...
NPM packages deploy new macOS malware
A new malware payload is being delivered via NPM packages. The NPM user named hi_ops published seven packages that are deploying a new macOS malware. How is the malware delivered? The...
Ultralytics publishes malicious PyPI packages
The Ultralytics PyPI package was compromised today via a sneaky attack leveraging GitHub pull requests. Two consecutive package versions of the Ultralytics PyPI package were compromised and...
Repo swatting attack deletes GitHub and GitLab accounts
I've spent the last year researching the trust and safety mechanisms in SCM platforms like GitHub, GitLab, and Gitea. These platforms are important in the ecosystem, as GitHub and GitLab together...
Are private bug bounty programs a good idea?
Bug bounty programs have emerged over the last 5 years as a vital tool for identifying and mitigating vulnerabilities. Many enterprises have accepted the value of having bug bounty programs in...
Real talk about “memory-safe” languages.
You might have recently heard people talking about "memory-safe" languages and how we all need to start using them. There is a loud contingent of people on LinkedIn and Twitter advocating that we...
Gitloker software supply chain attack targets GitHub users
A new software supply chain attack is affecting GitHub users. The new threat, “Gitloker”, targets GitHub users' repositories with a simple but effective attack: deleting everything they have access...
What is the offensive security “Holy Trinity”?
What is offensive security? In today's complex cybersecurity landscape, organizations use a variety of techniques to fortify their defenses and take proactive measures to ensure the integrity of...