Attacks Analysis

PhantomBot From Credential Theft to Botnet

18 May PhantomBot: A Typosquat Campaign That Pivoted From Credential Theft to a Turnkey Botnet Kit

Posted at 09:44h in Attacks Analysis, Must Read, Secrets Security by Xygeni Security Team 0 Comments

Uncover the details of The 24712-pl Campaign and the zero-dependency packages exploited during a security incident....

08 May AWS Lambda npm Dependency Confusion Attack: The 24712-pl Campaign

Posted at 12:44h in Attacks Analysis, Must Read, Secrets Security by Xygeni Security Team 0 Comments

Uncover the details of The 24712-pl Campaign and the zero-dependency packages exploited during a security incident....

07 May alone5511 npm Dependency Confusion Attack

Posted at 14:39h in Attacks Analysis, Must Read, Secrets Security by Xygeni Security Team 0 Comments

An npm dependency confusion attack used eight malicious packages to fingerprint hosts and send RCE telemetry to Telegram....

06 May EVM/DeFi npm Typosquatting Attack Steals Developer Keys

Posted at 14:58h in Attacks Analysis, Must Read, Secrets Security by Xygeni Security Team 0 Comments

A npm typosquatting attack used six malicious EVM/DeFi packages to steal developer keys, wallets, secrets, and .env files....

FauxCode When Your Reverse-Engineered Claude Code Quietly Routes Through the Attacker

04 May FauxCode: Reverse-Engineered Claude Code Routes Through Attackers

Posted at 19:37h in Attacks Analysis, Must Read, Secrets Security by Xygeni Security Team 0 Comments

FauxCode Claude Code npm malware used fake CLI packages to intercept API traffic through CA-bundle MITM and base URL hijacking....

04 May DevTap npm Typosquatting Attack: Six Malicious Packages Target Developer Workstations

Posted at 18:43h in Attacks Analysis, Must Read, Secrets Security by Xygeni Security Team 0 Comments

DevTap npm typosquatting attack used six malicious packages to spy on developer workstations and abuse npm trust....

16 Apr Axios npm Compromise: What Happened, Who Is Affected, and How to Prevent It

Posted at 18:29h in Attacks Analysis, Must Read by Fátima Said 0 Comments

Xygeni identifies Nyx: a sophisticated npm Infostealer hijacking Discord and crypto wallets using advanced runtime decryption....

27 Mar LiteLLM Attack: How Xygeni Stops Secret Exposure Fast

Posted at 14:27h in Attacks Analysis, Must Read, Secrets Security by Fátima Said 0 Comments

LiteLLM attack exposed critical secrets. See how Xygeni detects, verifies, and revokes credentials before attackers use them....

26 Mar LiteLLM Supply Chain Attack: How TeamPCP Backdoored AI Infrastructure

Posted at 11:33h in Attacks Analysis, Must Read by Luis Rodríguez 0 Comments

Explore the security breach of LiteLLM, affecting millions of users with multi-stage payloads and devastating consequences....

27 Feb New npm Infostealer Discovery: Nyx Stealer Hijacks Discord Sessions

Posted at 11:55h in Attacks Analysis, Must Read by Fátima Said 0 Comments

Xygeni identifies Nyx: a sophisticated npm Infostealer hijacking Discord and crypto wallets using advanced runtime decryption....

25 Feb Malicious npm Package in Baileys Fork (Skyzopedia Case)

Posted at 16:22h in Attacks Analysis, Must Read by Fátima Said 0 Comments

Malicious npm package abuses a Baileys fork to inject runtime spam behavior through a GitHub-controlled payload....

18 Feb allintext:login filetype:log – How Exposed Logs Leak Credentials

Posted at 12:08h in Attacks Analysis by Fátima Said 0 Comments

allintext:login filetype:log exposes public log files with credentials and tokens. Learn how to stop log-based data leaks....