Explore >> Select a destination

You are here

 www.koi.ai
Live Updates: GlassWorm, First Self-Propagating Worm Using Invisible Code Hits OpenVSX And VSCode Marketplaces
| | blog.koi.security
Risk Research & Threat Insights | Koi
1.1 parsecs away

Travel
| | Deep research and expert insights on software supply chain risk, browser extensions, AI security, MCP threats, and enterprise risks.
| | www.backslash.security
Shai-Hulud Strikes Again: Massive npm Attack Exposes Thousands of Secrets - Backslash
2.0 parsecs away

Travel
| | A major npm supply-chain incident surfaced last week. Over 800 packages were poisoned, leading to more than 25,000 GitHub repositories being populated with stolen secrets. Projects linked to Zapier, ENS Domains, PostHog, and Postman were briefly affected.
| | www.koi.security
TigerJack's Extensions Continue to Rob Developers Blind Across Different Marketplaces | Koi Blog
1.3 parsecs away

Travel
| |
| | www.koi.security
First Malicious MCP in the Wild: The Postmark Backdoor That's Stealing Your Emails | Koi Blog
1.9 parsecs away

Travel
| [AI summary] A malicious MCP server, postmark-mcp, was discovered stealing emails from users by adding a BCC line to its code, highlighting vulnerabilities in the supply chain and trust in third-party tools.