Xygeni Blog

Must-Read Posts

SeedSweep: Ten Malicious npm Crypto Packages

SeedSweep: Ten Crypto-Themed npm Packages That Only Run When No One Is Watching

PairLoop: Hidden Remote-Control Panel in npm Package

PairLoop: One npm Package, Seventy Versions, and a Hidden Windows Remote-Control Panel

ConsentMask The npm Package Hiding Developer Identity Harvesting

ConsentMask: An npm Package That Wears a Telemetry Consent Banner Over Developer-Identity Harvesting

JulesJacker: Fake npm Worm Impersonates Jules AI

JulesJacker: A Fake-PoC npm Worm That Impersonates Google’s Jules Agent — and Turns on the Sandbox Analyzing It

RuntimeBroker npm Typosquat Plants Crypto Clipper

RuntimeBroker: an npm Typosquat Plants a 40-Chain Crypto-Clipper as a Cross-OS \”System Runtime Helper”\

AuditorTrap

AuditorTrap: A 22-Package Fake Crypto Security Guild on npm With Two Parallel Payloads

Software Supply Chain

Agile and Security: Shaping New Landscapes in Software Supply Chains

May 5, 2023

software-Supply-Chain-Attack-3cx-software-supply-chain-attack-3CX-Supply-Chain-Attack

Attacks Analysis

3CX Supply Chain Attack: Lessons Learned

April 27, 2023

Software Supply Chain

Understanding Code Tampering and Its Impact on Software Supply Chain Security

April 4, 2023

Software Supply Chain

5 Essential Tips for Securing Your Software Supply Chain

March 20, 2023

malware-injection

Software Supply Chain

Malware Injection in the Software Supply Chain: Detection and Mitigation Mechanisms on GitHub

March 17, 2023

sdlc-protection-sdlc-life-cycle-agile-methodology-secure-SDLC

SDLC

How to improve your SDLC Protection?

March 13, 2023

Prevent code tampering - Code tampering prevention

Attacks Analysis

Prevent Code Tampering in Four Steps

March 6, 2023

Software Supply Chain

Agility and Security in the Software Supply Chain

February 27, 2023

SDLC

How to protect the pipeline security of your DevOps

January 27, 2023

Open-Source Security

How to detect and solve misconfiguration problems

January 3, 2023

Secrets Security

Secrets leaks: One step to the disaster

December 27, 2022

CI CD Security

What can go wrong with CI/CD pipelines?

December 7, 2022