May 12: TeamPCP open-sourced the Shai-Hulud worm on GitHub. Datadog mapped its module pipeline (Loader/Provider/Collector/Dispatcher/Sender/Mutator) and Claude Code SessionStart hook for persistence. May 15: BreachForums opened a paid attack challenge. Detection notes for the copycat wave.
Malicious node-ipc 9.1.6/9.2.3/12.0.1 fire on require(), not postinstall. 12.0.1 is SHA-256 gated (targeted), so a working app isn't safe. Exfils dev/CI secrets via DNS TXT.
Google extended Binary Transparency to its Android apps and Mainline modules starting May 2026. How the public log and verification tools differ from code signing, what's actually covered, and what the ADB-based verification workflow looks like for researchers.
In its April 23 update, Vercel disclosed customer accounts compromised prior to and independently of the Context.ai incident. Covering the Lumma Stealer infection path, the ShinyHunters $2M BreachForums listing, and what non-sensitive environment variables actually mean.
Vercel's official incident disclosure published on April 19, 2026. A walk-through of how a compromise of Context.ai's Google Workspace OAuth app led to Vercel employee account takeover and access to environment variables in some customer projects, plus the checks users should run right now.
The latest GlassWorm wave bundles Zig-compiled native binaries in an Open VSX extension and silently installs a second-stage payload across VS Code, Cursor, Windsurf, VSCodium, and Positron.
A CVSS 9.3 unauthenticated RCE in the Marimo Python notebook was exploited within hours of advisory disclosure. Meanwhile, Astral published its comprehensive supply chain security posture for uv and ruff, covering CI/CD pipeline hardening, Trusted Publishing, and Sigstore attestation.
A security scan of 50 open-source MCP servers found 61% lacked input validation. This article covers real vulnerabilities in high-profile servers like Playwright MCP and Puppeteer MCP, and examines when to skip MCP entirely and use CLI tools directly.
36 malicious npm packages disguised as Strapi CMS plugins were published by 4 sock-puppet accounts. 8 payload variants deployed Redis crontab injection, PostgreSQL direct access, reverse shells, and persistent implants. The target appears to be crypto exchange Guardarian.
Follow-up to the axios compromise. Public reporting from GitHub, Socket, Google, and Microsoft shows UNC1069/Sapphire Sleet used the same social-engineering playbook against maintainers tied to Mocha, Fastify, Lodash, dotenv, and Node.js core.
The axios postmortem from maintainer Jason Saayman lays out the full social-engineering chain: a fake company Slack workspace, a fake Teams meeting, and a RAT that took over the machine. 2FA and OIDC were both bypassed.
