September 2025's self-replicating Shai-Hulud npm worm rewrote the supply-chain threat model. Six months later the playbook has been adopted by other actors (TeamPCP, April 2026). Here's the concrete tradecraft, the IOCs that actually fire, and the controls defenders need.
Read More
Unit 42 reveals how AD CS template misconfigs and shadow credentials are driving privilege escalation in modern enterprises.
Read More
Max-severity CVE-2026-20127 exploited since 2023. Threat actors use vdaemon bypass & firmware downgrade to gain root access in Cisco SD-WAN.
Read More
CVE-2026-31431 (Copy Fail) lets any unprivileged Linux user gain root via a 732-byte Python PoC — no race, no offsets, no disk artifacts. Affects every distro since 2017.
Read More
TeamPCP exploited a permissive npm OIDC trust policy to poison SAP's mbt and @cap-js packages, exfiltrating cloud and developer secrets to victim-owned GitHub repos. Here's the full attack chain and how to detect it.
Read More
Trojanized LiteLLM releases on PyPI enabled data exfiltration with Kubernetes persistence—here’s the full attack chain and how to check if you’re affected.
Read More
Axios npm package compromised—attackers hijacked the maintainer’s account and injected a phantom dependency that dropped a cross-platform RAT. Here’s the full attack chain.
Read More
Check Point found ChatGPT’s code sandbox could leak data via DNS. Separately, Codex’s branch name field allowed command injection to steal GitHub tokens.
Read More
A custom .NET RAT dubbed CTRL uses weaponized Windows shortcuts to hijack RDP sessions via FRP tunnels—here’s the full attack chain and how to defend against it.
Read More
Red Menshen’s upgraded BPFdoor backdoor embeds kernel-level sleeper cells in telecom networks worldwide. Here’s how it works and how to detect it.
Read MorePage 1 of 3 • Showing 1 to 10 of 21 posts
