axios Supply Chain Attack: 100M Weekly Downloads, One Hijacked Account
The npm account behind axios was compromised, injecting a cross-platform RAT into two malicious releases. Here's the full attack chain and what to check right now.
The Telnyx Python SDK joined a growing list of packages poisoned by TeamPCP, a campaign that hides malware payloads inside audio files using WAV steganography.
TeamPCP's CanisterWorm delivers two completely different payloads depending on whether a cluster is Iranian. For Iran: total cluster destruction. For everyone else: a silent blockchain-C2 backdoor.
TeamPCP's CanisterWorm started with a single compromised tool, Trivy, and used stolen tokens to self-replicate across 46+ npm packages. The C2 runs on a blockchain nobody can take down.
GlassWorm delivers a three-stage attack via compromised npm packages, ending with a forced Chrome extension install that logs keystrokes, takes screenshots, and drains crypto wallets. Its C2 address lives on the blockchain.
The fast-draft extension on Open VSX (26,000 downloads) served four concurrent malicious modules: a remote desktop RAT, a browser credential stealer targeting 25 crypto wallets, a document thief, and a clipboard monitor.