.avif)
Charlie Eriksen
Blog posts by Charlie Eriksen
npx Confusion: Packages That Forgot to Claim Their Own Name
We claimed 128 unclaimed npm package names that official docs told developers to npx. Seven months later: 121,000 downloads. All would have run arbitrary code.
Fake Clawdbot VS Code Extension Installs ScreenConnect RAT
A malicious VS Code extension impersonating Clawdbot is installing ScreenConnect RAT on developer machines.
G_Wagon: npm Package Deploys Python Stealer Targeting 100+ Crypto Wallets
npm package ansi-universal-ui delivers GWagon infostealer targeting 100+ crypto wallets, browser credentials, and cloud keys. We analyzed all 10 versions as the attacker iterated in real-time.
Gone Phishin': npm Packages Serving Custom Credential Harvesting Pages
A targeted spear-phishing campaign used npm packages and jsDelivr as free phishing infrastructure, serving custom credential harvesters per victim
Malicious PyPI Packages spellcheckpy and spellcheckerpy Deliver Python RAT
Attackers published fake spellchecker packages to PyPI with malware hidden in plain sight. We break down the attack and what developers need to watch for.
Agent Skills Are Spreading Hallucinated npx Commands
AI agent skills are propagating hallucinated npx commands, creating real security and reliability risks for developers and supply chains.
JavaScript, MSBuild, and the Blockchain: Anatomy of the NeoShadow npm Supply-Chain Attack
A deep technical analysis of the NeoShadow npm supply-chain attack, detailing how JavaScript, MSBuild, and blockchain techniques were combined to compromise developers.
First Sophisticated Malware Discovered on Maven Central via Typosquatting Attack on Jackson
We uncovered the first sophisticated malware campaign on Maven Central: a typosquatted Jackson package delivering multi-stage payloads and Cobalt Strike beacons via Spring Boot auto-execution.
The Fork Awakens: Why GitHub’s Invisible Networks Break Package Security
A deep dive into a GitHub security flaw where forked commits let attackers spoof dependencies. Understand the commit SHA issue and why package managers need API-level protection.
Shai Hulud 2.0: What the Unknown Wonderer Tells Us About the Attackers’ Endgame
New research into the Shai Hulud 2.0 malware suggests the username UnknownWonderer1 tells us more about the attackers’ endgame.
Shai Hulud Launches Second Supply-Chain Attack: Zapier, ENS, AsyncAPI, PostHog, Postman Compromised
The threat actor behind “Shai Hulud 2.0” launched a new malware campaign compromising the supply chain of Zapier, ENS Domains and more — exposing secrets, injecting malicious code, and enabling widespread developer-environment takeover.
Get secure now
Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast automatically.
