DeviceDoor: a public npm package shipping a Microsoft 365 device-code phishing and bulk-mail framework
OWASP Global AppSec EU 2026 Vienna: Key Takeaways on Secure Software Supply Chain, MCP Security, and the AI-BOM
Attacks Analysis SkillLeak: A Browser-Credential Decryptor Delivered Through an MCP Skill July 3, 2026
Must Read Keys to use AI cybersecurity, Zero Trust SDLC, how to secure AI-generated code, AI Security July 2, 2026
Must Read What Is an AI Inventory? A Practical Guide to AI Asset Discovery, AI-BOM and Shadow AI July 1, 2026
Attacks Analysis DeviceDoor: a public npm package shipping a Microsoft 365 device-code phishing and bulk-mail framework June 30, 2026
Must Read OWASP Global AppSec EU 2026 Vienna: Key Takeaways on Secure Software Supply Chain, MCP Security, and the AI-BOM June 30, 2026
Attacks Analysis CryptoDAO Confusion: eleven npm packages, one payload, harvesting CI/CD and crypto-wallet secrets June 22, 2026
Attacks Analysis Permission Slip: An npm “Authorized Research” Cover Story Hiding Cloud-Metadata Probes and SYSTEM Persistence June 22, 2026
Attacks Analysis Ectoplasm: npm install hooks that harvest AWS credentials behind a container-only trigger June 12, 2026
Attacks Analysis SeedSweep: Ten Crypto-Themed npm Packages That Only Run When No One Is Watching June 9, 2026
Attacks Analysis PairLoop: One npm Package, Seventy Versions, and a Hidden Windows Remote-Control Panel June 5, 2026
Attacks Analysis ConsentMask: An npm Package That Wears a Telemetry Consent Banner Over Developer-Identity Harvesting June 4, 2026