Charlie Eriksen

Malware Researcher

Charlie Eriksen is a Security Researcher at Aikido Security, with extensive experience across IT security - including in product and leadership roles. He is the founder of jswzl and he previously worked at Secure Code Warrior as a security researcher and co-founded Adversary.

Blog posts by Charlie Eriksen

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

December 25, 2025

•

Vulnerabilities & Threats

First Sophisticated Malware Discovered on Maven Central via Typosquatting Attack on Jackson

We uncovered the first sophisticated malware campaign on Maven Central: a typosquatted Jackson package delivering multi-stage payloads and Cobalt Strike beacons via Spring Boot auto-execution.

Tags/

#Malware

December 17, 2025

•

Vulnerabilities & Threats

The Fork Awakens: Why GitHub’s Invisible Networks Break Package Security

A deep dive into a GitHub security flaw where forked commits let attackers spoof dependencies. Understand the commit SHA issue and why package managers need API-level protection.

Tags/

#Software Supply Chain Security

#Malware

#open-source

#NPM

#Dependencies

December 2, 2025

•

Vulnerabilities & Threats

Shai Hulud 2.0: What the Unknown Wonderer Tells Us About the Attackers’ Endgame

New research into the Shai Hulud 2.0 malware suggests the username UnknownWonderer1 tells us more about the attackers’ endgame.

Tags/

#Malware

November 24, 2025

•

Vulnerabilities & Threats

Shai Hulud Launches Second Supply-Chain Attack: Zapier, ENS, AsyncAPI, PostHog, Postman Compromised

The threat actor behind “Shai Hulud 2.0” launched a new malware campaign compromising the supply chain of Zapier, ENS Domains and more — exposing secrets, injecting malicious code, and enabling widespread developer-environment takeover.

Tags/

#Malware

November 6, 2025

•

Vulnerabilities & Threats

Invisible Unicode Malware Strikes OpenVSX, Again

Another wave of Open VSX extensions were compromised today.

Tags/

#intel

#Malware

September 18, 2025

•

Vulnerabilities & Threats

Bugs in Shai-Hulud: Debugging the Desert

The Shai Hulud worm had some bugs of its own, and required patching by the attackers. We also look at a timeline of events, to see how it unfolded.

Tags/

#Malware

September 16, 2025

•

Vulnerabilities & Threats

S1ngularity/nx attackers strike again

The attackers behind the nx attack have struck again, targeting a large amount of packages, with a first-of-its-kind worm payload.

Tags/

#Malware

September 12, 2025

•

Vulnerabilities & Threats

We Got Lucky: The Supply Chain Disaster That Almost Happened

Eighteen widely used open source packages were compromised, downloaded billions of times and embedded across nearly every cloud environment. The community dodged a bullet. But this close call shows just how fragile our software supply chain really is.

Tags/

#Malware

September 9, 2025

•

Vulnerabilities & Threats

duckdb npm packages compromised

The popular package duckdb was compromised by same attackers that hit debug and chalk

Tags/

#Malware

September 8, 2025

•

Vulnerabilities & Threats

npm debug and chalk packages compromised

The popular packages debug and chalk on npm have been compromised with malicious code

Tags/

#Malware

August 27, 2025

•

Vulnerabilities & Threats

Popular nx packages compromised on npm

The popular nx package on npm was compromised, and stolen data was published on GitHub publicly

Tags/

#Malware

#Software Supply Chain Security

#intel

June 12, 2025

•

Vulnerabilities & Threats

A deeper look into the threat actor behind the react-native-aria attack

We investigate the activity of the threat actor that compromised react-native-aria packages on npm, and how they are evolving their attacks.

Tags/

#Malware

#Software Supply Chain Security

Get secure now

Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast automatically.

Start Scanning

No CC required

Book a demo

No credit card required | Scan results in 32secs.