Skip to content
Now taking design partners.Roadmap →
Latest catalog entry:Shai-Hulud wave 3 IOC sweep· 6d agoSLO < 4h

Campaign library

Every historical incident. Every fresh IOC. Ready to sweep.

Every entry ships as a signed campaign template. Targeting: launchable the day the agent lands on your fleet, with new templates published inside a four-hour freshness window at GA. Both targets are being validated with design partners during MVP.

chalk · debug takeover

critical

npm · 2025

The maintainer of chalk, debug and 16 other npm libraries had accounts compromised via targeted phishing on Sept 8 2025. Malicious versions were live on the registry for roughly two hours.

Scale

18 packages, 2.6B weekly downloads reach

GlassWorm

critical

vs code + openvsx · 2025

Self-propagating worm across the VS Code Marketplace and OpenVSX extension registries. Koi Security disclosed on October 18 2025. Signature traits are invisible-Unicode obfuscation and Solana blockchain C2.

Scale

35,800 installs, self-propagating VS Code + OpenVSX worm

postmark-mcp

critical

mcp · 2025

A malicious version of an MCP server (postmark-mcp) was documented in the wild in September 2025. The compromised release silently BCC'd every outbound email to an attacker-controlled address.

Scale

In-the-wild MCP compromise, BCC exfiltration pattern

Shai-Hulud 2.0

critical

npm · 2025

Second wave of the Shai-Hulud npm worm. 796 packages backdoored via stolen maintainer credentials, self-propagates through the same postinstall pattern as wave 1.

Scale

796 npm packages, self-replicating worm

Cyberhaven wave

critical

chrome + edge · 2024

Christmas Eve 2024. An attacker phished a Cyberhaven employee's Chrome Web Store credential and pushed a malicious update. 34 further extensions from the same campaign were identified over the following weeks.

Scale

35 extensions, 2.6M users, 400K on Cyberhaven itself

Hugging Face malicious models

critical

hugging face · 2024

JFrog researchers identified roughly 100 malicious models hosted on Hugging Face in February 2024. About 25 of them delivered unsafe-deserialisation payloads that executed on model load via Python's pickle __reduce__ path.

Scale

~100 backdoored models, ~25 unsafe-deserialisation payloads