Analysis of supply-chain attacks, platform breaches, and emerging threats from the CyberXYZ detection engine.
A .pth startup hook runs a Bun-based credential stealer across 37 PyPI projects. Attack chain, verified IOCs, and hour-zero wave detection.
Maintainer token compromise pushed malicious versions into 42 npm packages on May 19. Credential exfiltration, Sigstore forgery, and IOCs.
Full analysis of the Vercel breach via Context.ai OAuth compromise, including verified IOCs and remediation steps for affected teams.
Malicious axios versions 1.14.1 and 0.30.4 deployed cross-platform RATs. Full IOCs, MITRE ATT&CK mapping, and remediation steps.
A data-driven look at how supply-chain attacks evolved in 2026, covering dependency injection, typosquatting, and maintainer takeover trends.
Under the hood of six detection signals, dependency graph analysis, and behavioral modeling that catches malicious packages before install.
Want to learn how CyberXYZ protects your supply chain? We'd love to hear from you. Reach out and let's have a conversation.