DeviceDoor: a public npm package shipping a Microsoft 365 device-code phishing and bulk-mail framework
OWASP Global AppSec EU 2026 Vienna: Key Takeaways on Secure Software Supply Chain, MCP Security, and the AI-BOM
Attacks Analysis JulesJacker: A Fake-PoC npm Worm That Impersonates Google’s Jules Agent — and Turns on the Sandbox Analyzing It May 29, 2026
Attacks Analysis RuntimeBroker: an npm Typosquat Plants a 40-Chain Crypto-Clipper as a Cross-OS \”System Runtime Helper”\ May 22, 2026
Attacks Analysis AuditorTrap: A 22-Package Fake Crypto Security Guild on npm With Two Parallel Payloads May 21, 2026
Attacks Analysis PhantomBot: A Typosquat Campaign That Pivoted From Credential Theft to a Turnkey Botnet Kit May 18, 2026
Attacks Analysis DevTap npm Typosquatting Attack: Six Malicious Packages Target Developer Workstations May 4, 2026