Must Read

04 May DevTap npm Typosquatting Attack: Six Malicious Packages Target Developer Workstations

Posted at 18:43h in Attacks Analysis, Must Read, Secrets Security by Xygeni Security Team 0 Comments

DevTap npm typosquatting attack used six malicious packages to spy on developer workstations and abuse npm trust....

Read More

21 Apr Inject Environment Variables to the Build Process Securely

Posted at 09:00h in CI CD Security, Must Read by Fátima Said 0 Comments

Inject environment variables to the build process securely. Learn how to prevent leaks and protect secrets in CI/CD pipelines....

Read More

16 Apr Axios npm Compromise: What Happened, Who Is Affected, and How to Prevent It

Posted at 18:29h in Attacks Analysis, Must Read by Fátima Said 0 Comments

Xygeni identifies Nyx: a sophisticated npm Infostealer hijacking Discord and crypto wallets using advanced runtime decryption....

Read More

27 Mar LiteLLM Attack: How Xygeni Stops Secret Exposure Fast

Posted at 14:27h in Attacks Analysis, Must Read, Secrets Security by Fátima Said 0 Comments

LiteLLM attack exposed critical secrets. See how Xygeni detects, verifies, and revokes credentials before attackers use them....

Read More

26 Mar LiteLLM Supply Chain Attack: How TeamPCP Backdoored AI Infrastructure

Posted at 11:33h in Attacks Analysis, Must Read by Luis Rodríguez 0 Comments

Explore the security breach of LiteLLM, affecting millions of users with multi-stage payloads and devastating consequences....

Read More

25 Mar AI Coding Assistant Security: How to Prevent Vulnerabilities in AI-Generated Code

Posted at 17:10h in AI, Must Read by Fátima Said 0 Comments

AI coding assistant security guide: prevent vulnerabilities in AI-generated code, detect risks early, and secure your pipelines in real time....

Read More

13 Mar How to Implement AI Remediation in DevSecOps

Posted at 13:55h in AI, Must Read by Fátima Said 0 Comments

Implement AI remediation in DevSecOps to reduce vulnerability noise, improve remediation decisions, and automate safer fixes. Free checklist included....

Read More

06 Mar Shadow AI Security: All You Need to Know

Posted at 14:30h in AI, Must Read by Fátima Said 0 Comments

Shadow AI security is changing fast. See the OpenClaw takeovers, skills supply chain risks, and the exact DevSecOps fixes to apply this quarter....

Read More

27 Feb New npm Infostealer Discovery: Nyx Stealer Hijacks Discord Sessions

Posted at 11:55h in Attacks Analysis, Must Read by Fátima Said 0 Comments

Xygeni identifies Nyx: a sophisticated npm Infostealer hijacking Discord and crypto wallets using advanced runtime decryption....

Read More

26 Feb Xygeni Launches MCP Server for AI Security in the IDE

Posted at 12:00h in AI, Must Read by Fátima Said 0 Comments

Discover the mcp server and its role in orchestrating security with AI to transform how developers handle code generation....

Read More

25 Feb Malicious npm Package in Baileys Fork (Skyzopedia Case)

Posted at 16:22h in Attacks Analysis, Must Read by Fátima Said 0 Comments

Malicious npm package abuses a Baileys fork to inject runtime spam behavior through a GitHub-controlled payload....

Read More

05 Dec React2Shell: CVE-2025-55182 and the Next.js RCE Risk

Posted at 16:45h in Attacks Analysis, Must Read by Fátima Said 0 Comments

React2Shell (CVE-2025-55182) creates a critical Next.js RCE risk. Understand the impact and what to patch immediately....

Read More