Blog

    Research, insights, and threat intelligence from the Safety team.

    Rolling out Claude Code? Protect your team from Axios, LiteLLM, and Lightning.

    Axios, LiteLLM, and Lightning prove that pinning and review aren't enough — attackers now ship malware through legitimate maintainer accounts in minutes. Safety gives security teams a pip/npm proxy that blocks malicious releases and workstation visibility into every package, MCP server, and IDE extension across the developer fleet.

    Nick Smit

    Anatomy of the Lightning PyPI compromise
    Research

    Two malicious lightning PyPI versions used a 4-file __init__.py injection to harvest cloud secrets, npm and GitHub tokens, and AWS/GCP/Azure credentials on import — bypassing Lightning AI's CI pipeline. Full forensic breakdown and remediation steps inside.

    Beatriz Costa · 14 min read · April 30, 2026

    What 36 Malicious npm Packages Can Do to Your Infrastructure From a postinstall Hook
    Research

    36 malicious npm packages disguised as Strapi plugins used postinstall hooks to map infrastructure, escape containers, spray credentials, and attempt lateral movement. Full static analysis and remediation steps inside.

    Beatriz Costa · 11 min read · April 7, 2026

    Axios NPM package has been compromised and is installing malware
    Research

    The massively popular Axios npm package, with over 40 million weekly downloads, was compromised on March 31, 2026 after a threat actor hijacked the maintainer's npm and GitHub accounts, published two malicious versions containing a hidden dependency that silently installs cross-platform Remote Access Trojans on macOS, Windows, and Linux -- here's what happened, who's affected, and what you need to do to protect yourself.

    Paul McCarty · March 30, 2026

    TeamPCP Strikes Again: Telnyx Python SDK (790K Monthly Downloads) Hit with Credential-Stealing Malware
    Research

    The Telnyx Python SDK was compromised with credential-stealing malware by TeamPCP, marking the latest wave in a supply chain attack chain spanning five ecosystems. Learn how the attack connects to prior compromises of Trivy, npm, Checkmarx, and LiteLLM — and what to do if you're affected.

    Beatriz Costa & Raphael Luy · 3 min read · March 27, 2026

    PyPI package with 3.6m daily downloads is compromised
    Research

    We found a malicious litellm package stealing cloud credentials, crypto wallets, and SSH keys — with Kubernetes cluster takeover built in. Here's the full breakdown.

    Paul McCarty & Juan Aguirre · March 24, 2026

    Open Source Supply Chain Threats: February 2026 in Review
    Research

    February saw 507 malicious packages and a surge in PyPI activity. This month's spotlight: Safety researchers uncovered new packages from an active WhatsApp botnet campaign.

    Juan Aguirre · 7 min · March 23, 2026

    "NotEason" Campaign: TikTok Tutorials Led to Discord Server Destruction
    Research

    Paul McCarty · March 17, 2026

    Hiding in Plain Sight: How a Blatant Cryptominer Survived 3 Years on PyPI
    Research

    Paul McCarty · March 17, 2026

    GlassWorm Hijacks Popular React Native Packages — 130K Monthly Downloads Compromised

    March 17, 2026

    AI Agent Skills: The Story of How We Got Acquainted
    Research

    We scanned the top 238 skills from skills.sh and ClawHub for malicious payloads, prompt injection, and data exfiltration. Zero confirmed malware, but the attack surface is real.

    Juan Aguirre · 8 min · March 13, 2026

    Agentic Endpoint Security: What It Actually Means (and What's Missing)
    Company

    "Agentic endpoint security" addresses a real problem — AI agents operating as unseen insiders on developer machines. But the category is being defined by vendor acquisition strategies, not by what CISOs actually need: full visibility and governance across the entire workstation surface.

    Marcus Wermuth · 7 min · March 11, 2026

    MagicWolf - Six Weeks of Evolving PyPI Supply Chain Attacks
    Research

    A single threat actor ran a six-week PyPI supply chain attack, publishing 28 malicious Python packages under six names, evolving from basic malware to sophisticated analyst-evading techniques while making security mistakes that exposed the campaign.

    Paul McCarty · 15 mins · February 19, 2026

    Why Your Employee Workstation Is the New Target for Software Supply Chain Attacks
    Company

    The software supply chain's primary risk has shifted from CI/CD to the employee workstation. AI and open-source consumption create a massive, ungoverned attack surface where traditional EDR fails. Securing this Tier-1 risk requires a new control plane based on four pillars: Observability, Pre-emptive Governance at the moment of intent, Real-time Intelligence, and Silent, Scalable Deployment without workflow disruption.

    Jules Womersley · 5 minutes · February 18, 2026

    Open Source Supply Chain Threats: January 2026 in Review
    Research

    January 2026 saw 652 malicious packages across NPM and PyPI, with a spotlight on the chai-sub campaign, a multi-layered deception mimicking the popular Pino logging library to deliver remote code execution payloads.

    Juan Aguirre · 5 mins · February 18, 2026

    Open Source Supply Chain Threats: December 2025 in Review
    Research

    In December, we tracked 3,683 malicious packages across NPM and PyPI, including a persistent campaign hijacking Claude Code to steal API keys and exfiltrate developer conversations.

    Juan Aguirre · February 11, 2026

    Fake Grok API Wrapper Deploys New Malware
    Research

    The grokwrapper package is a malicious PyPI supply chain attack that targets Python developers by masquerading as an unofficial API wrapper for xAI's Grok.

    Paul McCarty · 15 mins · February 9, 2026

    ExtraZip: Fake ZIP Utilities Unleash Python Malware On Unsuspecting Victims
    Research

    The "ExtraZip" campaign distributes trojanized Python packages through PyPI, masquerading as ZIP utilities and email libraries while deploying a heavily obfuscated Windows infostealer targeting Telegram and credentials.

    Paul McCarty · 15 mins · February 4, 2026

    Malicious Python Packages Deliver "Telegrem-Bot" Malware
    Research

    A sophisticated multi-stage Python RAT masquerading as an Islamic prayer Telegram bot was discovered in the PyPI package "telegrem," establishing persistent remote access, stealing credentials, exfiltrating sensitive data, and installing SSH backdoors on victim systems.

    Paul McCarty · 15 mins · January 25, 2026

    Hash Validation Packages Targeted by Malicious NPM Packages
    Research

    Threat actors successfully targeted popular hash validation libraries for months with malicious packages that stole crypto assets.

    Paul McCarty · 10 mins · January 4, 2026

    Shai-Hulud 3.0: A Confusing Iteration To The Worm
    Research

    Shai-hulud part III: "The Reckoning?" has arrived early

    Paul McCarty · 10 mins · January 1, 2026

    Meet "Scopper": A new lightweight Python based remote access trojan (RAT)
    Research

    Scopper is a new compact, lightweight remote access trojan (RAT) that uses Telegram for its C2.

    Paul McCarty · 10 mins · December 28, 2025

    Malicious NPM package targets Polymarket crypto ecosystem
    Research

    A malicious npm package disguised as a Polymarket trading library that silently steals cryptocurrency wallet files and private keys to drain victims' cryptocurrency.

    Paul McCarty · 10 mins · December 20, 2025

    OWASP Top 10 2025: How to Operationalize Software Supply Chain Security for Developer Environments
    Best Practices

    OWASP Top 10 2025: Supply Chain Security for Developer Environments

    Robin Birney · 8 mins · November 23, 2025

    NPM Malware Uses “Cloaking” Technology to Target StandX and Uniswap Users
    Research

    An NPM malware campaign, “Integrator-Filescrypt”, targeting cryptocurrency users leverages sneaky Russian cloaking technology to evade security detection.

    Paul McCarty · 10 mins · November 17, 2025

    Sneaky NPM packages targeting Claude Code
    Research

    A malicious NPM package pretends to be the official Claude Code package so it can steal Anthropic credentials and proxy malicious requests to compromised accounts.

    Paul McCarty · 10 mins · October 26, 2025

    Malware in 82 NPM Packages targets hospital billing system
    Research

    NPM based malware targets a Vietnamese hospital billing system with a coordinated campaign.

    Paul McCarty · 10 mins · October 21, 2025

    NPM Packages Are Being Used In Active Credential Phishing Attack
    Research

    NPM packages are being used in an active credential phishing attack.

    Paul McCarty · 10 mins · September 24, 2025

    "Shai-Hulud" NPM attack runs malicious GitHub Action
    Research

    An NPM attack compromised dozens of popular packages, which then ran malicious GitHub Actions in the compromised accounts.

    Paul McCarty · 10 mins · September 15, 2025

    NPM Attack Targets Popular Maintainers
    Research

    A massive NPM attack targeted the most popular package maintainers.

    Paul McCarty · 10 mins · September 7, 2025

    Analysing the AI used in the Nx Attack
    Research

    Safety's research team analyzed the multiple AI prompts used in the Nx software supply chain attack.

    Paul McCarty · 10 mins · September 3, 2025

    Attack on NPM targets developers using Nx Build Ecosystem
    Research

    New NPM Based Infostealer Malware Targets Cryptocurrency developers.

    Paul McCarty · 10 mins · September 1, 2025

    Infostealer targets Russian crypto developers
    Research

    New NPM Based Infostealer Malware Targets Cryptocurrency developers.

    Paul McCarty · 10 mins · August 16, 2025

    Threat actor uses AI to create a better crypto wallet drainer
    Research

    Safety’s malicious package detection identified a malicious package that appears to have been written by Claude AI.

    Paul McCarty · 10 mins · July 30, 2025

    From Zero to Three: How We Built a Thriving Co-op Program at Safety Cybersecurity
    Company

    How Safety built a high-impact co-op program by scaling thoughtfully, mentoring deeply, and empowering interns with real project ownership.

    Marcus Wermuth · 6 mins · July 16, 2025

    Understanding Bill C‑8’s First Reading — A Turning Point in Canada’s Cybersecurity Strategy
    Best Practices

    Canada's Bill C-8 and what it means for Canadian cybersecurity strategy.

    David Lacho · 5 mins · July 15, 2025

    Understanding the EU-Canada Security and Defence Partnership: What It Means for Cybersecurity
    Company

    June 2025's announcement regarding the EU-Canada Security and Defence Partnership and what this means for cybersecurity.

    David Lacho · 10 mins · June 25, 2025

    Solana-Drainer Malware Steals Jupyter Notebooks and Source Code
    Research

    Threat actors are using Python libraries targeting the Solana cryptocurrency ecosystem.

    Paul McCarty · 8 mins · May 29, 2025

    Yeshen-Asia Threat Campaign
    Research

    A sprawling threat campaign over six months spanning dozens of npm packages.

    Paul McCarty · 8 mins · May 14, 2025

    Russian hackers manipulate npm to make realistic packages
    Research

    Safety’s malicious package detection identified a malicious npm package today named express-exp. This package was brand new, and had only one version, 1.0.1.

    Paul McCarty · 10 mins · April 15, 2025

    The Two Types of Software Risk: Accidental vs. Intentional Threats
    Research

    Software engineers accidentally create vulnerabilities in their software, while threat actors create malicious open source components. Your application security tools should protect you from both.

    Paul McCarty · 10 mins · April 15, 2025

    Payment processor publishes official NPM package that leaks credit card data via ngrok
    Research

    A new npm package published by Cashfree leaks credit card data to an ngrok endpoint.

    Paul McCarty · 11 mins · April 6, 2025

    Critical Supply Chain Attack Targets Ultralytics AI Library
    Research

    A software supply chain attack recently compromised multiple versions of Ultralytics YOLO, one of the most widely used Python AI libraries for computer vision tasks.

    Robin Birney · 4 mins · March 21, 2025

    Protecting AI Integrity: Mitigating the Risks of Data Poisoning Attacks in Modern Software Supply Chains
    Best Practices

    Discover how to safeguard AI integrity against the rising threat of data poisoning attacks in modern software supply chains.

    Robin Birney · March 21, 2025

    Navigating the NVD Backlog with Safety's Leading Vulnerability Data
    Research

    The National Vulnerability Database backlog has left many in the cybersecurity community concerned about the reliability and timeliness of vulnerability data.

    Robin Birney · 4 mins · March 21, 2025

    Executive Order 14028
    Best Practices

    How Executive Order 14028 aims to strengthen national cybersecurity by securing the software supply chain.

    Robin Birney · March 20, 2025

    Understanding Open Source Licenses: Mitigating Risks and Ensuring Compliance with Safety CLI
    Research

    Learn how to navigate the complexities of open-source licenses to mitigate legal and operational risks.

    Robin Birney · 3 mins · February 25, 2025

    Understanding the Security Vulnerability in the llama-cpp-python Package
    Research

    A critical security vulnerability was discovered in the llama-cpp-python package, which could have significant implications for systems using this library.

    Robin Birney · 4 mins · February 25, 2025

    Safety CLI Team Uncovers Unpublished Vulnerability in TensorFlow: CVE-2023-33976
    Research

    Safety's Cybersecurity Intelligence team discovered an unpublished vulnerability (CVE-2023-33976) in the TensorFlow Python package.

    Robin Birney · 3 mins · February 25, 2025

    CryptoAITools Supply Chain Attack: What It Means for Package Security
    Research

    A recently-discovered malicious package has raised alarms across the cryptocurrency development community.

    Robin Birney · 4 mins · February 25, 2025

    Building an Effective Engineering Career Framework: A Practical Guide
    Company

    Why career frameworks matter and best practices to create one that reflects your company's values.

    Marcus Wermuth, VP of Engineering · 5 mins · January 30, 2025

    Key Insights from Canada’s 2025-2026 Cyber Threat Assessment
    Best Practices

    Findings from the Canadian National Cyber Threat Assessment (NCTA) and actionable advice for developers, DevOps and SecOps professionals.

    David Lacho · 7 mins · April 1, 2024

    Typosquatting Cyberattack on PyPI Suspends New User and Project Creation
    Research

    Robin Birney · 4 mins · March 27, 2024

    NVD Update Delays and the Impact on the Developer Community: Safety Cybersecurity's Proactive Response
    Research

    Robin Birney · 5 mins · March 14, 2024

    Lessons from the Recent PyTorch Supply Chain Attack
    Research

    A recent attack by ethical hackers on PyTorch, a popular Machine Learning library, is a stark reminder of the importance of securing software supply chains.

    Robin Birney · 3 mins · January 22, 2024

    cURL Vulnerability CVE-2023-38545 for Python Systems
    Research

    A high-severity vulnerability in cURL and its associated library libcurl was disclosed on 11 October, 2023.

    Robin Birney · 3 mins · October 9, 2023

    Libwebp: Special Vulnerability Advisory (CVE-2023-4863)
    Research

    In-depth analysis of a recently discovered vulnerability in the libwebp library.

    Robin Birney · October 1, 2023

    Securing the Software Supply Chain for Python Developers (Part 2)
    Best Practices

    Learn why software supply chain security is essential for Python development today, and explore historical supply chain breaches like Log4j and SolarWinds, and how to protect against them.

    Robin Birney · 6 mins · September 25, 2023

    Python Security: Best Practices for Developers
    Best Practices

    Learn best practices for secure Python development.

    Robin Birney · 5 mins · September 20, 2023

    An Introduction to Software Supply Chains for Python Developers
    Best Practices

    Part 1 in a series dedicated to software supply chains and security.

    Robin Birney · 5 mins · September 13, 2023

    Beyond CVSS: Project Context, Exploitability, and Reachability of Vulnerabilities
    Best Practices

    Part II: The importance of Severity when assessing software supply chain vulnerabilities.

    Robin Birney · 4 mins · September 12, 2023

    Severity and the Common Vulnerability Scoring System (CVSS)
    Best Practices

    Part I: The importance of CVSS severity when assessing software supply chain vulnerabilities.

    Robin Birney · 4 mins · September 6, 2023