Apr 29 · 18 min read · Executive Summary: On April 21, 2026, Malwarebytes documented a campaign distributing an infostealer disguised as the Google Antigravity installer — an AI coding tool launched in November 2025 that qui
Sep 18, 2025 · 3 min read · The Attack That Targeted the Supply Chain: The npm ecosystem faced what security researchers call a watershed moment in September 2025 when a self-replicating worm, dubbed "Shai-Hulud," compromised over 500 packages. Named after the massive sandworms ...
Aug 8, 2025 · 9 min read · While scanning my daily security feeds this morning, I noticed something troubling: another developer lost half a million dollars to a malicious IDE extension. Not from a zero-day exploit or sophisticated APT, but from installing what looked like a l...
Jun 2, 2025 · 3 min read · The discovery of malicious npm packages like xlsx-to-json-lh—a six-year-old typosquatting artifact mimicking the legitimate xlsx-to-json-lc—alongside broader campaigns involving 60+ packages, underscores systemic vulnerabilities in npm's security mod...