For years, attackers went after applications one at a time. They have changed tactics: why compromise one app when you can compromise the pipeline that builds many? Xygeni’s Malware Early Warning (MEW) detected 4,452 malicious packages in 2025 and 1,281 more in 2026 so far.
TL;DR The open source supply chain threat landscape has fundamentally shifted. Three converging trends are redefining risk: Self-Propagating Worms Have Arrived Shai-Hulud (Sept 2025): First npm worm attack—stole credentials via postinstall hooks, then autonomously republished itself across ~700 package versions using compromised maintainer tokens. GlassWorm
Introduction Many organizations rely on ISO 27001 to build and maintain secure software development practices. Additionally, Annex A of the standard outlines specific controls designed to strengthen the Secure Development Lifecycle (SDLC). As a result, this article shows how Xygeni helps organizations apply these controls
Discover how exploitability-based security stops zero-day exploits and shields your systems from real threats
