Xygeni Blog

Must-Read Posts

SeedSweep: Ten Malicious npm Crypto Packages

SeedSweep: Ten Crypto-Themed npm Packages That Only Run When No One Is Watching

PairLoop: Hidden Remote-Control Panel in npm Package

PairLoop: One npm Package, Seventy Versions, and a Hidden Windows Remote-Control Panel

ConsentMask The npm Package Hiding Developer Identity Harvesting

ConsentMask: An npm Package That Wears a Telemetry Consent Banner Over Developer-Identity Harvesting

JulesJacker: Fake npm Worm Impersonates Jules AI

JulesJacker: A Fake-PoC npm Worm That Impersonates Google’s Jules Agent — and Turns on the Sandbox Analyzing It

RuntimeBroker npm Typosquat Plants Crypto Clipper

RuntimeBroker: an npm Typosquat Plants a 40-Chain Crypto-Clipper as a Cross-OS \”System Runtime Helper”\

AuditorTrap

AuditorTrap: A 22-Package Fake Crypto Security Guild on npm With Two Parallel Payloads

XZ Backdoor Attack

Must Read

XZ Backdoor: “That was a close one”

April 1, 2024

software-attestation-build-attestation

Build Security

Software Attestation in Build Security – An Introduction

March 28, 2024

NIST CSF Version 2.0

Software Supply Chain

National Institute of Standards and Technology Releases Landmark Update to Cybersecurity Framework

March 26, 2024

A Deep Dive into Software Security with Xygeni on Neuco's Podcast

Software Supply Chain

A Deep Dive into Software Security with Xygeni on Neuco’s Podcast

March 21, 2024

Build Security Essentials: Strengthening Your Software from the Ground Up

CI CD Security

Build Security Essentials: Strengthening Your Software from the Ground Up

March 19, 2024

The Essential Guide to Enhancing Your Software's Security Posture

CI CD Security

The Essential Guide to Enhancing Your Software’s Security Posture

March 14, 2024

open-source-software-security-tools-OSS-Security

CI CD Security

Understanding the Landscape of Open-Source Software Security

March 12, 2024

devops secrets management - secrets detection

Secrets Security

Unlocking Security: DevOps Secrets Management Best Practices

March 7, 2024

SLSA framework - Supply-chain Levels for Software

CI CD Security

Master SLSA Framework: Safeguard Your Software Supply Chain

March 5, 2024

CI/CD Security Tools - CI/CD challenges

CI CD Security

CI/CD Security: Overcoming CI/CD Challenges and Common Pitfalls

February 29, 2024

CICD-Pipelines

CI CD Security

A Deep Dive into CI/CD Pipelines Vulnerabilities (III): Artifact Poisoning and Code Injection

February 27, 2024

Implementing CI/CD Best Practices for Success

CI CD Security

CI/CD Best Practices: Transforming Software Development

February 22, 2024