Hare Krishna Rai

@harekrishnarai

Securing the Future of Software Supply Chains & AI

IndiaJoined May 2021

About

Specialized in uncovering vulnerabilities within software supply chains and dependency ecosystems. Creator of SCAGoat and other open-source security tools. Speaker at Black Hat, DEF CON, and AppSec conferences with research on malicious package detection, dependency confusion, and CI/CD security.

Available for

Available for software security engineering opportunities, collaborations, and speaking engagements. Open to learning from startup founders, industry experts. Let’s connect! #software-security #cybersecurity

Hare Krishna Rai's blogs

blog.harekrishnarai.meblog.harekrishnarai.me17 posts

Articles Comments4

Recently published

HKHare Krishna Raiblog.harekrishnarai.meApr 4 · 5 min read

Axios malicious package: what developers and defenders should check

Why this matters Software supply chain attacks are landing one after another. Recent incidents involving Trivy, Checkmarx KICS, LiteLLM, Telnyx, and now Axios show the same pattern: compromise trusted

0

HKHare Krishna Raiblog.harekrishnarai.meDec 1, 2025 · 4 min read

React2shell Leads to Full Microsoft 365 SharePoint compromise: How One Server Exploit Exposed an Entire Tenant

As security researchers, we often analyze vulnerabilities in isolation. A Remote Code Execution (RCE) in a web app is one thing; sharepoint compromise in an enterprise cloud is another. But what happens when these two converge? To understand the true...

0

HKHare Krishna Raiblog.harekrishnarai.meSep 18, 2025 · 14 min read

The Shai-Hulud Worm: Dissecting the Self-Spreading Malware Attack on the NPM Ecosystem

1. Introduction: The Attack of the Code Worm Imagine building a project with a set of Lego bricks, but one of the bricks is secretly malicious. Not only is it a bad piece, but it also has the ability to copy itself and sneak into all the other Lego s...

0

HKHare Krishna Raiblog.harekrishnarai.meSep 4, 2025 · 5 min read

From Grep to Taint Analysis: The Evolution of Static Code Scanning

Static code analysis has come a long way from the days of simple string searches. With the rising complexity of applications and threats, our tooling has evolved to meet the demand for both precision and context-awareness. This blog takes you through...

0

HKHare Krishna Raiblog.harekrishnarai.meAug 27, 2025 · 8 min read

The Nx Supply Chain Attack: When AI Becomes an Accomplice Attackers

In a startling turn of events, the widely-used Nx build system fell victim to a sophisticated supply chain attack. On August 26, 2025, malicious versions of the Nx packages were published to the npm registry, compromising the systems of potentially t...

0

Hare Krishna Rai

About

Available for

Hare Krishna Rai's blogs

Recently published

Axios malicious package: what developers and defenders should check

React2shell Leads to Full Microsoft 365 SharePoint compromise: How One Server Exploit Exposed an Entire Tenant

The Shai-Hulud Worm: Dissecting the Self-Spreading Malware Attack on the NPM Ecosystem

From Grep to Taint Analysis: The Evolution of Static Code Scanning

The Nx Supply Chain Attack: When AI Becomes an Accomplice Attackers

Search Hashnode

Hare Krishna Rai

About

Available for

Hare Krishna Rai's blogs

Recently published

Axios malicious package: what developers and defenders should check

React2shell Leads to Full Microsoft 365 SharePoint compromise: How One Server Exploit Exposed an Entire Tenant

The Shai-Hulud Worm: Dissecting the Self-Spreading Malware Attack on the NPM Ecosystem

From Grep to Taint Analysis: The Evolution of Static Code Scanning

The Nx Supply Chain Attack: When AI Becomes an Accomplice Attackers