Blog Posts
Shai-Hulud 2.0: Offensive Security Art in npm Worm Form
- Analysis
- November 28, 2025
- 7 mins
How a self-propagating npm worm weaponized maintainer trust and GitHub Actions for covert C2.
CVE-2025-6514: How Old Bugs Hijacked the AI Hype
- Analysis
- September 15, 2025
- 7 mins
Breaking down the MCP remote command injection and why AI tooling just became an attacker playground.