The npm Worm Era: What Shai-Hulud Started, Who's Continuing It, and How Defenders Should Adapt

September 2025's self-replicating Shai-Hulud npm worm rewrote the supply-chain threat model. Six months later the playbook has been adopted by other actors (TeamPCP, April 2026). Here's the concrete tradecraft, the IOCs that actually fire, and the controls defenders need.

Supply Chain Alert: TeamPCP Compromises SAP npm Ecosystem via 'mini Shai-Hulud' Campaign

TeamPCP exploited a permissive npm OIDC trust policy to poison SAP's mbt and @cap-js packages, exfiltrating cloud and developer secrets to victim-owned GitHub repos. Here's the full attack chain and how to detect it.

AI Agent Traps: Understanding How the Web Becomes a Weapon Against AI Agents

The story of "AI Agent Traps": malicious web content that hijacks autonomous AI agents. Here's how it works and how to defend against it.

Russian CTRL Toolkit: How Malicious LNK Files Enable RDP Hijacking via Reverse Tunnels

A custom .NET RAT dubbed CTRL uses weaponized Windows shortcuts to hijack RDP sessions via FRP tunnels—here’s the full attack chain and how to defend against it.

Red Menshen’s Upgraded BPFdoor: How China’s Stealthiest Backdoor Infiltrates Global Telecom Networks

Red Menshen’s upgraded BPFdoor backdoor embeds kernel-level sleeper cells in telecom networks worldwide. Here’s how it works and how to detect it.
