Xygeni Blog

Must-Read Posts

open-source packages

Protecting Against Open Source Malicious Packages: What Does (Not) Work

Malicious Packages 5

Anatomy of Malicious Packages: What Are the Trends?

Open Source Malicious Packages: The Problem

XZ Backdoor Attack

XZ Backdoor: “That was a close one”

React2Shell - CVE-2025-55182 - RCE risk

Attacks Analysis

React2Shell: CVE-2025-55182 and the Next.js RCE Risk

December 5, 2025

slsa attestation - slsa framework - SLSA v1.2

Build Security

SLSA v1.2 : Updates to the SLSA Framework Explained

December 5, 2025

OWASP Top 10 2025 -owasp top ten - OWASP Top 10

SDLC

OWASP Top 10 2025 Explained for Developers

December 3, 2025

shai hulud - npm supply chain attack

Attacks Analysis

Shai-Hulud 2.0 NPM Supply Chain Attack

November 28, 2025

AI

AI for Coding Explained: 10 Simple Answers Developers Need

November 21, 2025

AI

Agentic AI: The Complete Guide for Developers, AI Engineers, and AppSec Teams

November 21, 2025

SDLC

Black Hat Europe 2025: Meet Xygeni at Booth 221

November 19, 2025

dockerfile secrets - dockerfile secrets environment variables

Secrets Security

Dockerfile Secrets: Why Layers Keep Your Sensitive Data Forever

November 19, 2025

docker build args - build args docker - docker build build arg

Secrets Security

Docker Build Args: The Hidden Vector for Secret Leaks in Images

November 19, 2025

task.run c# - async programming - parallel execution

Code Security

Task.Run in C#: The Wrong Way to Parallelize Secure Code

November 18, 2025

path traversal attack - file upload vulnerability

Code Security

Path Traversal in File Uploads: How Developers Create Their Own Exploits

November 18, 2025

bepinex.configurationmanager

Code Security

BepInEx.ConfigurationManager: How Insecure Settings Expose Sensitive Data

November 17, 2025