Blog Xygeni

Post da leggere assolutamente

AI Security at OWASP Global AppSec EU 2026: Meet Xygeni in Vienna

CryptoDAO Confusion: npm Packages Harvesting CI/CD and Crypto Secrets

CryptoDAO Confusion: eleven npm packages, one payload, harvesting CI/CD and crypto-wallet secrets

Permission Slip: npm Package Hiding Cloud & System Threats

Permission Slip: An npm “Authorized Research” Cover Story Hiding Cloud-Metadata Probes and SYSTEM Persistence

Ectoplasm npm Install Hooks That Steal AWS Credentials

Ectoplasm: npm install hooks that harvest AWS credentials behind a container-only trigger

SeedSweep: Ten Malicious npm Crypto Packages

SeedSweep: Ten Crypto-Themed npm Packages That Only Run When No One Is Watching

PairLoop: Hidden Remote-Control Panel in npm Package

PairLoop: One npm Package, Seventy Versions, and a Hidden Windows Remote-Control Panel

Analisi degli attacchi

AI Security at OWASP Global AppSec EU 2026: Meet Xygeni in Vienna

23 Giugno 2026

Analisi degli attacchi

CryptoDAO Confusion: eleven npm packages, one payload, harvesting CI/CD and crypto-wallet secrets

22 Giugno 2026

Analisi degli attacchi

Permission Slip: An npm “Authorized Research” Cover Story Hiding Cloud-Metadata Probes and SYSTEM Persistence

22 Giugno 2026

Analisi degli attacchi

Ectoplasm: npm install hooks that harvest AWS credentials behind a container-only trigger

12 Giugno 2026

Analisi degli attacchi

SeedSweep: Ten Crypto-Themed npm Packages That Only Run When No One Is Watching

9 Giugno 2026

Analisi degli attacchi

PairLoop: One npm Package, Seventy Versions, and a Hidden Windows Remote-Control Panel

5 Giugno 2026

ConsentMask The npm Package Hiding Developer Identity Harvesting

Analisi degli attacchi

ConsentMask: An npm Package That Wears a Telemetry Consent Banner Over Developer-Identity Harvesting

4 Giugno 2026

AI-Driven SDLCs Are Already Here. Now What?

2 Giugno 2026

JulesJacker: Fake npm Worm Impersonates Jules AI

Analisi degli attacchi

JulesJacker: A Fake-PoC npm Worm That Impersonates Google’s Jules Agent — and Turns on the Sandbox Analyzing It

29 maggio 2026

RuntimeBroker npm Typosquat Plants Crypto Clipper

Analisi degli attacchi

RuntimeBroker: an npm Typosquat Plants a 40-Chain Crypto-Clipper as a Cross-OS \”System Runtime Helper”\

22 maggio 2026

Analisi degli attacchi

AuditorTrap: A 22-Package Fake Crypto Security Guild on npm With Two Parallel Payloads

21 maggio 2026

PhantomBot From Credential Theft to Botnet

Analisi degli attacchi

PhantomBot: A Typosquat Campaign That Pivoted From Credential Theft to a Turnkey Botnet Kit

18 maggio 2026

CARICA DI PIÙ

Blog Xygeni

Post da leggere assolutamente

AI Security at OWASP Global AppSec EU 2026: Meet Xygeni in Vienna

CryptoDAO Confusion: eleven npm packages, one payload, harvesting CI/CD and crypto-wallet secrets

Permission Slip: An npm “Authorized Research” Cover Story Hiding Cloud-Metadata Probes and SYSTEM Persistence

Ectoplasm: npm install hooks that harvest AWS credentials behind a container-only trigger

SeedSweep: Ten Crypto-Themed npm Packages That Only Run When No One Is Watching

PairLoop: One npm Package, Seventy Versions, and a Hidden Windows Remote-Control Panel

ConsentMask: An npm Package That Wears a Telemetry Consent Banner Over Developer-Identity Harvesting

AI-Driven SDLCs Are Already Here. Now What?

JulesJacker: A Fake-PoC npm Worm That Impersonates Google’s Jules Agent — and Turns on the Sandbox Analyzing It

RuntimeBroker: an npm Typosquat Plants a 40-Chain Crypto-Clipper as a Cross-OS \”System Runtime Helper”\

AuditorTrap: A 22-Package Fake Crypto Security Guild on npm With Two Parallel Payloads

PhantomBot: A Typosquat Campaign That Pivoted From Credential Theft to a Turnkey Botnet Kit

Prodotti

Risorse

Azienda

Note legali