Threat Research
Long-form analysis. Kill chains, post-mortems, deep dives.
On April 29, 2026, four SAP CAP npm packages were poisoned with a credential-stealing worm that reached over 1,100 developer repositories within hours. This post consolidates findings from eight vendor reports and adds deployable YARA, Sigma, and KQL detection rules...
The LiteLLM compromise that landed on PyPI yesterday is a textbook example of the “trust gradient” attack: a popular OSS package, a maintainer who reuses credentials across services, and a build pipeline that publishes whatever the maintainer pushes. Here’s the...