 
                                Popular npm package @ctrl/tinycolor has been compromised in a supply chain attack by a malicious update called Shai Hulud.
Read More 
                                Multiple versions of the Nx build system were compromised on npm with malware designed to steal developer credentials, crypto wallets, and API keys via a malicious post-install script.
Read More 
                                A look into the risks of domain resurrection attacks, what PyPI is doing about them, and practical steps to safeguard your organisation.
Read More 
                                In the era of AI assistants and vibe coding, a new threat emerges from the shadows. It has lurked, hidden and patient, waiting for the right moment. Introducing Zombie Dependencies: they’re not after brains… they’re after your code.
Read More 
                                In March, a sophisticated supply chain attack compromised the popular open source project TJ-Actions, impacting over 23,000 users. This post breaks down how the breach unfolded, the techniques used to stay hidden, and what you can do to protect your CI/CD pipelines from similar threats.
Read More 
                                Ossprey graduates from one of the UK's leading Cybersecurity Accelerators, Cyber Runway! Learn about our journey through the Cyber Runway accelerator, from the Launch bootcamp to scaling our mission in the Grow program.
Read More 
                                Following on from last week's Lottie attack, we explore the cause of the attack, the impacted parties, and solutions for improving your and your customers' safety by protecting your open source software supply chain.
Read More