top of page
ALL POSTS
CrowdStrike Dismantles Glassworm Botnet Targeting Open-Source Developer Supply Chain
Key Findings CrowdStrike, Google, and Shadowserver dismantled the Glassworm botnet by simultaneously taking down four command-and-control servers that powered a sophisticated supply chain attack campaign The Russia-based threat group infected over 300 GitHub repositories and compromised hundreds of open-source packages across npm, Python, and VSCode extensions since early 2025 Glassworm deployed a multi-layered resilience strategy using the Solana blockchain, BitTorrent DHT,
May 273 min read
Mini Shai-Hulud Worm Supply Chain Attack Compromises Hundreds of Open-Source Packages
Key Findings TeamPCP threat actor behind sprawling supply chain attack targeting npm and PyPI packages across TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI Malware deploys obfuscated JavaScript credential stealer targeting cloud providers, crypto wallets, AI tools, CI systems, and messaging apps Data exfiltrated to attacker-controlled infrastructure using Session Protocol to evade detection Malware establishes persistence in VS Code and Claude Code IDEs, survive
May 133 min read
OpenAI Codex Security Agent Scans Millions of Commits, Uncovers High-Severity Issues
Key Findings OpenAI has launched Codex Security, an AI-powered security agent designed to find, validate, and propose fixes for software vulnerabilities. Over the last 30 days, Codex Security has scanned more than 1.2 million commits across external repositories, identifying 792 critical and 10,561 high-severity findings. The vulnerabilities found include issues in various open-source projects like OpenSSH, GnuTLS, GOGS, Thorium, libssh, PHP, and Chromium. Codex Security leve
Mar 72 min read
Claude Opus 4.6 \\ Anthropic
Key Findings Anthropic's latest AI model, Claude Opus 4.6, has found over 500 previously unknown high-severity security flaws in major open-source libraries like Ghostscript, OpenSC, and CGIF. The model was able to identify vulnerabilities by parsing commit histories, spotting dangerous functions, and understanding complex algorithmic concepts. Anthropic says Opus 4.6 can "read and reason about code the way a human researcher would", enabling it to find vulnerabilities that t
Feb 62 min read
bottom of page
