Xygeni-blog

Berichten die je gelezen moet hebben

Ectoplasm npm Install Hooks That Steal AWS Credentials

Ectoplasm: npm install hooks that harvest AWS credentials behind a container-only trigger

SeedSweep: Ten Malicious npm Crypto Packages

SeedSweep: Ten Crypto-Themed npm Packages That Only Run When No One Is Watching

PairLoop: Hidden Remote-Control Panel in npm Package

PairLoop: One npm Package, Seventy Versions, and a Hidden Windows Remote-Control Panel

ConsentMask The npm Package Hiding Developer Identity Harvesting

ConsentMask: An npm Package That Wears a Telemetry Consent Banner Over Developer-Identity Harvesting

JulesJacker: Fake npm Worm Impersonates Jules AI

JulesJacker: A Fake-PoC npm Worm That Impersonates Google’s Jules Agent — and Turns on the Sandbox Analyzing It

RuntimeBroker npm Typosquat Plants Crypto Clipper

RuntimeBroker: an npm Typosquat Plants a 40-Chain Crypto-Clipper as a Cross-OS \”System Runtime Helper”\

Ectoplasm npm Install Hooks That Steal AWS Credentials

Analyse van aanvallen

Ectoplasm: npm install hooks that harvest AWS credentials behind a container-only trigger

12 juni 2026

SeedSweep: Ten Malicious npm Crypto Packages

Analyse van aanvallen

SeedSweep: Ten Crypto-Themed npm Packages That Only Run When No One Is Watching

9 juni 2026

PairLoop: Hidden Remote-Control Panel in npm Package

Analyse van aanvallen

PairLoop: One npm Package, Seventy Versions, and a Hidden Windows Remote-Control Panel

5 juni 2026

ConsentMask The npm Package Hiding Developer Identity Harvesting

Analyse van aanvallen

ConsentMask: An npm Package That Wears a Telemetry Consent Banner Over Developer-Identity Harvesting

4 juni 2026

AI-Driven SDLCs Are Already Here

AI

AI-Driven SDLCs Are Already Here. Now What?

2 juni 2026

JulesJacker: Fake npm Worm Impersonates Jules AI

Analyse van aanvallen

JulesJacker: A Fake-PoC npm Worm That Impersonates Google’s Jules Agent — and Turns on the Sandbox Analyzing It

May 29, 2026

RuntimeBroker npm Typosquat Plants Crypto Clipper

Analyse van aanvallen

RuntimeBroker: an npm Typosquat Plants a 40-Chain Crypto-Clipper as a Cross-OS \”System Runtime Helper”\

May 22, 2026

AuditorTrap

Analyse van aanvallen

AuditorTrap: A 22-Package Fake Crypto Security Guild on npm With Two Parallel Payloads

May 21, 2026

PhantomBot From Credential Theft to Botnet

Analyse van aanvallen

PhantomBot: A Typosquat Campaign That Pivoted From Credential Theft to a Turnkey Botnet Kit

May 18, 2026

AWS Lambda npm Dependency Confusion Attack The 24712-pl Campaign

Analyse van aanvallen

AWS Lambda npm Dependency Confusion Attack: The 24712-pl Campaign

May 8, 2026

alone5511 npm Afhankelijkheidsverwarringsaanval

Analyse van aanvallen

alone5511 npm Afhankelijkheidsverwarringsaanval

May 7, 2026

Beveiligingsrisico's van AI in DevSecOps

AI

Beveiligingsrisico's van AI in DevSecOps: Code, Pipelines, en agenten

May 7, 2026