Campaign library
Every historical incident. Every fresh IOC. Ready to sweep.
Every entry ships as a signed campaign template. Targeting: launchable the day the agent lands on your fleet, with new templates published inside a four-hour freshness window at GA. Both targets are being validated with design partners during MVP.
chalk · debug takeover
criticalnpm · 2025
The maintainer of chalk, debug and 16 other npm libraries had accounts compromised via targeted phishing on Sept 8 2025. Malicious versions were live on the registry for roughly two hours.
Scale
18 packages, 2.6B weekly downloads reach
GlassWorm
criticalvs code + openvsx · 2025
Self-propagating worm across the VS Code Marketplace and OpenVSX extension registries. Koi Security disclosed on October 18 2025. Signature traits are invisible-Unicode obfuscation and Solana blockchain C2.
Scale
35,800 installs, self-propagating VS Code + OpenVSX worm
postmark-mcp
criticalmcp · 2025
A malicious version of an MCP server (postmark-mcp) was documented in the wild in September 2025. The compromised release silently BCC'd every outbound email to an attacker-controlled address.
Scale
In-the-wild MCP compromise, BCC exfiltration pattern
Shai-Hulud 2.0
criticalnpm · 2025
Second wave of the Shai-Hulud npm worm. 796 packages backdoored via stolen maintainer credentials, self-propagates through the same postinstall pattern as wave 1.
Scale
796 npm packages, self-replicating worm
Cyberhaven wave
criticalchrome + edge · 2024
Christmas Eve 2024. An attacker phished a Cyberhaven employee's Chrome Web Store credential and pushed a malicious update. 34 further extensions from the same campaign were identified over the following weeks.
Scale
35 extensions, 2.6M users, 400K on Cyberhaven itself
Hugging Face malicious models
criticalhugging face · 2024
JFrog researchers identified roughly 100 malicious models hosted on Hugging Face in February 2024. About 25 of them delivered unsafe-deserialisation payloads that executed on model load via Python's pickle __reduce__ path.
Scale
~100 backdoored models, ~25 unsafe-deserialisation payloads