Karma-X Blog
Subscribe via RSS
Supply Chain Alert: TeamPCP Compromises SAP npm Ecosystem via 'mini Shai-Hulud' Campaign
Supply Chain Alert: TeamPCP Compromises SAP npm Ecosystem via 'mini Shai-Hulud' Campaign

TeamPCP exploited a permissive npm OIDC trust policy to poison SAP's mbt and @cap-js packages, exfiltrating cloud and developer secrets to victim-owned GitHub repos. Here's the full attack chain and how to detect it.

Read More
AI Agent Traps: Understanding How the Web Becomes a Weapon Against AI Agents
AI Agent Traps: Understanding How the Web Becomes a Weapon Against AI Agents

The story about ‘AI Agent Traps’ — malicious web content that hijacks autonomous AI agents. Here’s how it works and how to defend against it.

Read More
Russian CTRL Toolkit: How Malicious LNK Files Enable RDP Hijacking via Reverse Tunnels
Russian CTRL Toolkit: How Malicious LNK Files Enable RDP Hijacking via Reverse Tunnels

A custom .NET RAT dubbed CTRL uses weaponized Windows shortcuts to hijack RDP sessions via FRP tunnels—here’s the full attack chain and how to defend against it.

Read More
Red Menshen’s Upgraded BPFdoor: How China’s Stealthiest Backdoor Infiltrates Global Telecom Networks
Red Menshen’s Upgraded BPFdoor: How China’s Stealthiest Backdoor Infiltrates Global Telecom Networks

Red Menshen’s upgraded BPFdoor backdoor embeds kernel-level sleeper cells in telecom networks worldwide. Here’s how it works and how to detect it.

Read More
💬 Ask our AI Assistant Kali