@harekrishnarai

React2shell Leads to Full Microsoft 365 SharePoint compromise: How One Server Exploit Exposed an Entire Tenant

Dec 1, 2025 · 4 min read · As security researchers, we often analyze vulnerabilities in isolation. A Remote Code Execution (RCE) in a web app is one thing; sharepoint compromise in an enterprise cloud is another. But what happens when these two converge? To understand the true...

The Shai-Hulud Worm: Dissecting the Self-Spreading Malware Attack on the NPM Ecosystem

Sep 18, 2025 · 14 min read · 1. Introduction: The Attack of the Code Worm Imagine building a project with a set of Lego bricks, but one of the bricks is secretly malicious. Not only is it a bad piece, but it also has the ability to copy itself and sneak into all the other Lego s...

From Grep to Taint Analysis: The Evolution of Static Code Scanning

Sep 4, 2025 · 5 min read · Static code analysis has come a long way from the days of simple string searches. With the rising complexity of applications and threats, our tooling has evolved to meet the demand for both precision and context-awareness. This blog takes you through...

The Nx Supply Chain Attack: When AI Becomes an Accomplice Attackers

Aug 27, 2025 · 8 min read · In a startling turn of events, the widely-used Nx build system fell victim to a sophisticated supply chain attack. On August 26, 2025, malicious versions of the Nx packages were published to the npm registry, compromising the systems of potentially t...

Introduction to Static Application Security Testing (SAST)

Jun 21, 2025 · 18 min read · Introduction This is the first article in a 30-day series on Static Application Security Testing (SAST). We’ll introduce what SAST is and why it matters for building secure software. SAST refers to analyzing source code to find security vulnerabiliti...