follow.it gives you an easy way to subscribe to Phoenix Security's news feed! Click on Follow below and we deliver the updates you want via email, phone or you can read them here on the website on your own news page.
You can also unsubscribe anytime painlessly. You can even combine feeds from Phoenix Security with other site's feeds!
Title: Phoenix Security - FIX Vulnerability with context from appsec to cloud security
Is this your feed? Claim it!
Executive Summary Three days after the June 1 Red Hat Cloud Services compromise, the Miasma npm worm is back with a second wave. This time it targets @vapi-ai/server-sdk (71,000 weekly downloads), ai-sdk-ollama (31,000 weekly downloads), and 55 other packages, with 647,204 total monthly downloads in scope. First infection confirmed at 02:46:12 +0800 on June 4, […]
The ...
Executive Summary IronWorm is an npm supply chain worm — a self-propagating Rust-built implant distributed through 37 packages that carries an eBPF rootkit, Tor-based command and control, and a CI self-replication engine that requires no stored credentials. Unlike typical npm credential stealers built on a few hundred lines of obfuscated JavaScript, IronWorm ships as a […]
On June 1, 2026, 32 packages in the @redhat-cloud-services npm scope — totalling 116,991 weekly downloads — were backdoored by Miasma, a new Shai-Hulud variant that steals credentials across AWS, GCP, Azure, and Kubernetes through a preinstall hook. No CVE exists. Every malicious version passed npm Trusted Publishing validation using legitimate OIDC-issued tokens, leaving CVE...
AI now generates working exploits in 10–15 minutes. Verizon's DBIR confirms software vulnerabilities have overtaken stolen credentials as the top breach entry point. The NCSC and Bank of England have formally demanded automated, at-scale remediation. This analysis breaks down why traditional vulnerability management is broken, what the 2026 supply-chain attack catalogue tells...
TrapDoor is an active supply chain campaign hitting npm, PyPI, and Crates.io simultaneously — 34 malicious packages, 384 artifact versions, confirmed since May 19, 2026. The campaign steals SSH keys, AWS credentials, GitHub tokens, and crypto wallet keystores, while silently poisoning AI coding assistants through hidden zero-width Unicode injected into .cursorrules and CLAUDE...