September 2025's self-replicating Shai-Hulud npm worm rewrote the supply-chain threat model. Six months later the playbook has been adopted by other actors (TeamPCP, April 2026). Here's the concrete tradecraft, the IOCs that actually fire, and the controls defenders need.
Unit 42 reveals how AD CS template misconfigs and shadow credentials are driving privilege escalation in modern enterprises.
Max-severity CVE-2026-20127 exploited since 2023. Threat actors use vdaemon bypass & firmware downgrade to gain root access in Cisco SD-WAN.
CVE-2026-31431 (Copy Fail) lets any unprivileged Linux user gain root via a 732-byte Python PoC — no race, no offsets, no disk artifacts. Affects every distro since 2017.
TeamPCP exploited a permissive npm OIDC trust policy to poison SAP's mbt and @cap-js packages, exfiltrating cloud and developer secrets to victim-owned GitHub repos. Here's the full attack chain and how to detect it.
Trojanized LiteLLM releases on PyPI enabled data exfiltration with Kubernetes persistence—here’s the full attack chain and how to check if you’re affected.