Xygeni Blog

Must-Read Posts

Ectoplasm npm Install Hooks That Steal AWS Credentials

Ectoplasm: npm install hooks that harvest AWS credentials behind a container-only trigger

SeedSweep: Ten Malicious npm Crypto Packages

SeedSweep: Ten Crypto-Themed npm Packages That Only Run When No One Is Watching

PairLoop: Hidden Remote-Control Panel in npm Package

PairLoop: One npm Package, Seventy Versions, and a Hidden Windows Remote-Control Panel

ConsentMask The npm Package Hiding Developer Identity Harvesting

ConsentMask: An npm Package That Wears a Telemetry Consent Banner Over Developer-Identity Harvesting

JulesJacker: Fake npm Worm Impersonates Jules AI

JulesJacker: A Fake-PoC npm Worm That Impersonates Google’s Jules Agent — and Turns on the Sandbox Analyzing It

RuntimeBroker npm Typosquat Plants Crypto Clipper

RuntimeBroker: an npm Typosquat Plants a 40-Chain Crypto-Clipper as a Cross-OS \”System Runtime Helper”\

EVMDeFi npm Typosquatting Attack Steals Developer Keys

Attacks Analysis

EVM/DeFi npm Typosquatting Attack Steals Developer Keys

May 6, 2026

FauxCode When Your Reverse-Engineered Claude Code Quietly Routes Through the Attacker

Attacks Analysis

FauxCode: Reverse-Engineered Claude Code Routes Through Attackers

May 4, 2026

DevTap npm Typosquatting Attack

Attacks Analysis

DevTap npm Typosquatting Attack: Six Malicious Packages Target Developer Workstations

May 4, 2026

Secure AI-Generated Code

AI

How to Secure AI-Generated Code in CI/CD

April 29, 2026

AppSec Alert Fatigue

Software Supply Chain

How to Reduce AppSec Alert Fatigue

April 27, 2026

Cloud Security Tips

Software Supply Chain

20 Cloud Security Tips for Modern DevSecOps Teams

April 26, 2026

MTTR

AI

MTTR in AppSec: How to Reduce it with AI & Automation

April 24, 2026

inject environment variables to the build process

CI CD Security

Inject Environment Variables to the Build Process Securely

April 21, 2026

Axios npm Compromise

Attacks Analysis

Axios npm Compromise: What Happened, Who Is Affected, and How to Prevent It

April 16, 2026

Global InfoSec Awards

AI

Xygeni Wins Two Global InfoSec Awards for ASPM and GenAI Application Security

April 1, 2026

ReDoS

CI CD Security

ReDoS Explained: What Regular Expression DoS Is and How to Prevent It

March 30, 2026

Autofix in AppSec

AI

Autofix in AppSec: How to Remediate Vulnerabilities Without Breaking Builds

March 30, 2026