🚨 BREAKING: Miasma is back.
The Shai-Hulud variant has returned to npm, impacting 57 packages with a combined 647K+ monthly downloads.
⚠️ GitHub token theft
⚠️ Cloud credential theft
⚠️ npm account compromise
⚠️ 118+ infected GitHub repos
Full technical analysis to come — follow @OX__Security for updates
#CyberSecurity #SupplyChainSecurity #AppSec #npm #OpenSource
Shai-Hulud is getting more sophisticated 🧐🎩
we uncovered a 6-stage malware chain that uses GitHub as a live update mechanism — allowing attackers to continuously evolve payloads and evade disruption.
OUR FULL RESEARCH: https://t.co/No9dlqzDgz
don't miss out!
REGISTER TODAY ⬇️
📅 Tues - June 16, 2026
⏰ 12PM ET | 9AM PT | 6PM CEST
🎯 VibeSecCon Returns: The Security Summit Running From Prompt to Runtime
🔗 https://t.co/wBo5oJH4Fq
[ 𝐓𝐇𝐑𝐄𝐄 𝐒𝐄𝐒𝐒𝐈𝐎𝐍𝐒 ]
🔬 Research Session
From Standalone CVEs to Exploit Chains: What the CVE Flood Actually Means
🛠️ Operational Session
Runtime Is Not Optional: When the Attack Surface Moves After You Ship
🧠 Strategic Session
Governing What You Can't Predict: A CISO's Framework for Agentic Risk
[ 𝐒𝐏𝐄𝐀𝐊𝐄𝐑𝐒 ]
🔹@MosheTov | Security Research Lead, @OX__Security
🔹@JamesBerthoty | Founder & CEO, @latiotech
🔹@chenxiwang | Managing General Partner, @rain_capital
🔹@begimher | Sr. Security Engineer, @awscloud
... plus more speakers to come!
did Mythos kill the CVE concept?
AI didn't just speed up vulnerability discovery. It commoditized it.
Give Mythos, GPT, or Llama a vulnerable function, and they'll find what's wrong every time. The hard part is no longer finding CVEs. It's knowing which ones matter.
The CVE program wasn't built for this. MITRE's funding nearly lapsed earlier this year. Submissions are up 32%. The backlog keeps growing — and that's before AI floods the pipeline even further.
Only 1.08% of findings correlate with actual risk, per OX's 2026 Application Security Benchmark.
Security teams aren't drowning in vulnerabilities. They're drowning in noise.
Here's what that misses: attackers don't exploit CVEs in isolation. They build chains.
We found a clear example in DataEase — an open-source BI platform with 23,000+ GitHub stars. Four CVEs. Medium severity individually. Together: unauthenticated remote code execution.
The chain only becomes visible when you understand the architecture.
That's what the industry needs to shift toward — not individual findings, but Chains of Exploit. AI is already helping attackers build them. Security teams need the same lens.
CVEs are dead. Long live the Mythos era.
#CyberSecurity #AISecurity #AppSec #CVE #Anthropic @OX__Security
🚨 BREAKING: Supply Chain Attack Hits @redhat-cloud-services npm Organization 🚨
A multi-stage dropper with infostealer capabilities was published across dozens of @redhat-cloud-services packages, potentially impacting developers and downstream consumers.
⚠️ Affected packages include frontend-components, rbac-client, chrome, notifications-client, insights-client, and many others.
Full technical analysis to come — follow @OX__Security for updates
#CyberSecurity #SupplyChainSecurity #npm #AppSec
🏆 honored to be recognized as the top SAST tool for security teams in 2026!
big thanks to @The_Cyber_News for the inclusion & recognition 🙌
proud to help engineering teams move beyond noisy findings toward contextual, actionable AppSec ⚡
FULL STORY: https://t.co/cUt5bNxE7T
🚨 NPM Malware-slop Alert!🚨
We detected and reported a malware-slop package to npm - the malware uses its OWN PRIVATE GitHub token, which is EMBEDDED INSIDE the malware itself - to read sensitive information and upload it to the threat actor's GitHub repository.
The malware is still live on npm - https://t.co/uH8mU1a4dw
The threat actor's GitHub page was opened 5h ago -
https://t.co/WhqZ6BaLRM
Detailed report will be published tomorrow.
The CVE is Dead 🥀🪦⚰️
In the Mythos era, vulnerabilities are just metadata. When every LLM finds the same bugs, the real risk is the Chain of Exploit — how “medium” findings become full compromise.
OUR FULL STATEMENT: https://t.co/fkotQDrRku
🚨 From Auth Bypass to Full RCE: 4-Vulnerability Exploit Chain in DataEase
⚠️ OX uncovered a critical exploit chain that turns a prior auth bypass into full remote code execution—no credentials required
Impact: full system + data compromise
FULL REPORT: https://t.co/H6RVrEhkvy
🚨 BREAKING: we discovered a new npm infostealer RAT tied to a North Korean threat actor
TL;DR: a DPRK-linked actor is hiding in logger packages. We uncovered a malicious npm package, terminal-logger-utils, tied to North Korean activity.
FULL REPORT: https://t.co/98KXGbDOzz
🪱 Shai-Hulud works hard but...
our Research Team works harder 👊
Appreciate all the coverage on our research:
@TheRegister - https://t.co/KdCZgq1O16
@TheHackersNews - https://t.co/KyeIWPU4RG
@Cybernews - https://t.co/2CmpLLrCMO
@BleepinComputer - https://t.co/N0L0MJM2lG
⚠️ Four malicious npm packages with 3,006 downloads were found delivering infostealers and Phantom Bot DDoS malware.
One package clones leaked Shai-Hulud worm code, while others steal SSH keys, cloud credentials and wallet data.
Full details: https://t.co/ItjZERMMDz
TeamPCP: Attack of the Clones
We detected the first ever out in the wild Shai-Hulud clone copying from the TeamPCP leaked source code last week.
The Shai-Hulud variant is a part of a family of 4 different malwares by the same actor, including credential stealing logic, and also exfiltration of personal information (IP, Location, Hostname) AND a DDoS botnet server designed to attack servers directly from the victim's machine!
The malwares are still live on npm, targeting developers via typo-squatting and Axios impersonation.
For more details, and a full technical breakdown of all the four malicious packages:
https://t.co/Ske6Bnynh7