Xygeni Blog

Must-Read Posts

Ectoplasm npm Install Hooks That Steal AWS Credentials

Ectoplasm: npm install hooks that harvest AWS credentials behind a container-only trigger

SeedSweep: Ten Malicious npm Crypto Packages

SeedSweep: Ten Crypto-Themed npm Packages That Only Run When No One Is Watching

PairLoop: Hidden Remote-Control Panel in npm Package

PairLoop: One npm Package, Seventy Versions, and a Hidden Windows Remote-Control Panel

ConsentMask The npm Package Hiding Developer Identity Harvesting

ConsentMask: An npm Package That Wears a Telemetry Consent Banner Over Developer-Identity Harvesting

JulesJacker: Fake npm Worm Impersonates Jules AI

JulesJacker: A Fake-PoC npm Worm That Impersonates Google’s Jules Agent — and Turns on the Sandbox Analyzing It

RuntimeBroker npm Typosquat Plants Crypto Clipper

RuntimeBroker: an npm Typosquat Plants a 40-Chain Crypto-Clipper as a Cross-OS \”System Runtime Helper”\

LiteLLM Supply Chain Attack

Attacks Analysis

LiteLLM Attack: How Xygeni Stops Secret Exposure Fast

March 27, 2026

LiteLLM Supply Chain Attack

Attacks Analysis

LiteLLM Supply Chain Attack: How TeamPCP Backdoored AI Infrastructure

March 26, 2026

AI

AI Coding Assistant Security: How to Prevent Vulnerabilities in AI-Generated Code

March 25, 2026

AI

How to Implement AI Remediation in DevSecOps

March 13, 2026

Shadow AI Security

AI

Shadow AI Security: All You Need to Know

March 6, 2026

npm Infostealer

Attacks Analysis

New npm Infostealer Discovery: Nyx Stealer Hijacks Discord Sessions

February 27, 2026

Xygeni Launches MCP Server for AI Security in the IDE

AI

Xygeni Launches MCP Server for AI Security in the IDE

February 26, 2026

Malicious npm Package

Attacks Analysis

Malicious npm Package in Baileys Fork (Skyzopedia Case)

February 25, 2026

Code Security

Mobile App Security with Swift and Kotlin SAST

February 20, 2026

allintextlogin filetypelog

Attacks Analysis

allintext:login filetype:log – How Exposed Logs Leak Credentials

February 18, 2026

vibe coding

AI

Vibe Coding Security: Why Traditional AppSec Breaks

February 13, 2026

Why We Built Known-Exploit Intelligence Fix What Attackers Actually Use

Open-Source Security

Known-Exploit Intelligence for Vulnerability Management

February 11, 2026