Safeguard
Tag

malware

Safeguard articles tagged "malware" — guides, analysis, and best practices for software supply chain and application security.

32 articles

AI Security

The Nx Attack Turned AI Coding Agents Into the Malware

In August 2025, attackers hijacked Nx's npm publish token and used Claude Code, Gemini CLI, and Amazon Q as the exfiltration engine — leaking 2,349 secrets.

Jul 16, 20266 min read
Supply Chain Security

How Attackers Clone GitHub Repos to Ship Malware

One threat actor ran 3,000+ fake GitHub accounts and 2,200+ cloned repos to infect over 1,300 victims in four days. Here's how to spot the fakes.

Jul 8, 20267 min read
Supply Chain Attacks

How malicious PyPI packages steal cloud credentials at install time

A typosquat of a 200M-download SSH library stole AWS keys from 37,000 installs — before anyone imported it. Here's the install-time attack pattern.

Jul 8, 20266 min read
Supply Chain Attacks

Software supply chain attack trends: what the public incident data shows

Sonatype tracked 454,648 new malicious packages in 2025 alone — over 1.2 million total since it started counting. Here's what three years of incident data reveal.

Jul 8, 20267 min read
Concepts

What Is Malware? Types and How It Spreads

Malware is any software built to do harm, from stealing data to locking up your files. Here's a beginner-friendly tour of the main types and how it gets in.

Jul 2, 20266 min read
Software Supply Chain Security

GitHub repo confusion and malware repositories

Fake GitHub repos with forged stars and AI-written READMEs are stealing crypto and credentials. Here's how repo confusion attacks actually work.

Jul 1, 20267 min read
Supply Chain Security

eBPF Rootkits Go Mainstream: Inside IronWorm and the Kernel-Level Turn in Supply Chain Malware

IronWorm shipped a kernel-level eBPF rootkit inside dozens of npm packages, hiding the very processes your security tools rely on seeing. Here is what changed, and how to detect kernel-level supply chain malware before it blinds you.

Jun 16, 20267 min read
Vulnerability Analysis

What is Malware

Malware now hides in open source packages and CI pipelines, not just email attachments. Here's what it is, how it spreads, and how to catch it early.

Mar 25, 20267 min read
Supply Chain Attacks

VS Code Marketplace Malware Campaigns in 2025

A senior engineer's review of the 2025 VS Code Marketplace malware wave, including typosquats, trojanized themes, and extensions that stole npm tokens at scale.

Mar 11, 20267 min read
Supply Chain Attacks

PyPI mexalz Malware Campaign Deep Dive

Researchers tracked a PyPI campaign publishing malicious packages under the mexalz and related account names, targeting Python developers with infostealers.

Feb 2, 20266 min read
Vulnerability Analysis

What is a Man-in-the-Browser Attack

Man-in-the-browser malware rewrites transactions inside a victim's own browser, bypassing TLS and OTP 2FA -- here's how it works and how to stop it.

Jan 26, 20267 min read
Product

Safeguard Eagle 3.0 Release: Classifier Update

Eagle 3.0 is the classification model behind Safeguard's package, image, and secret detection. Here is what changed, what moved, and what it means for alerts.

Jan 24, 20266 min read
malware — Safeguard Blog