.avif)
Ilyas Makari
Blog posts by Ilyas Makari
Compromised Rust crate onering performs code exfiltration
The compromised onering Rust crate v1.4.1 on crates.io shipped a malicious build.rs that exfiltrates the diff of your latest commit to a hosted Sentry endpoint every time you build.
Wait, binding.gyp Can Do What? Exploring npm's Weirdest Build System
Deep dive into binding.gyp, the often overlooked npm build file that can execute malicious code at install time through shell expansions, sandbox escapes, and compiler hijacking.
Red Hat npm Packages Compromised to Spread a Credential-Stealing Worm
Multiple official @redhat-cloud-services npm packages were compromised with a credential-stealing worm derived from the open-sourced Mini Shai-Hulud malware, targeting cloud credentials, and developer tooling across CI/CD pipelines.
Supply Chain Attack Targets Laravel-Lang Packages with Credential Stealer
Attackers injected a credential stealer into 200+ versions of popular Laravel-Lang packages, delivering a credential stealer targeting cloud keys, SSH keys, browsers, crypto wallets and more.
Popular PyTorch Lightning Package Compromised by Mini Shai-Hulud
Malware found in popular PyTorch Lightning version 2.6.2 and 2.6.3, stealing credentials, crypto wallets, and VPN configs as part of the Mini Shai-Hulud campaign.
Is Shai-Hulud Back? Compromised Bitwarden CLI Contains a Self-Propagating npm Worm
Malware found in @bitwarden/cli v2026.4.0 steals SSH keys, cloud secrets, and AI coding tool credentials, then spreads through victims' own npm packages. Inside: a worm calling itself "Shai-Hulud: The Third Coming."
GPT-Proxy Backdoor in npm and PyPI turns Servers into Chinese LLM Relays
A newly discovered npm and PyPI malware campaign installs hidden LLM proxies on compromised servers, turning them into relay nodes for LLM traffic.
GlassWorm goes native: New Zig dropper infects every IDE on your machine
GlassWorm deploys a Zig-based native dropper hidden within a fake extension, silently compromising VS Code, Cursor, VSCodium, and other IDEs.
GlassWorm Hides a RAT Inside a Malicious Chrome Extension
GlassWorm deploys a multi-stage RAT that force-installs a malicious Chrome extension to log keystrokes, steal cookies, and exfiltrate data via Solana-based C2.
Glassworm Is Back: A New Wave of Invisible Unicode Attacks Hits Hundreds of Repositories
The Glassworm supply chain attack is back. Researchers uncovered malware hidden in invisible Unicode characters across 150+ GitHub repositories, plus npm packages and VS Code extensions.
Get secure now
Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast automatically.
