cd/entity/StepSecurity· home entities StepSecurity
grep -l @stepsecurity /news/*.json | wc -l → 9

StepSecurity

mentions 9 type Organization feed RSS

// recent coverage 9 mentions

12:02
2026-07-12
dev.to
ai-safety

How a preinstall hook silently ran malware on npm install

A malicious version of the npm package jscrambler used a preinstall hook to deploy a Rust infostealer on developer machines. The attack targeted browser credentials, crypto wallets, and Bitwarden vaul…

19:10
2026-06-29
byteiota.com
ai-agents

AI Agents Are Now Hacking Developer Infrastructure

In the first half of 2026, two autonomous AI agent campaigns compromised developer infrastructure: one exploited GitHub Actions workflows at Microsoft, DataDog, and CNCF projects, achieving remote cod…

14:16
2026-06-17
dev.to
ai-agents

I Gave Claude Code the Keys. So Did a Worm.

A developer detailed three vulnerabilities in the AI-coding-agent stack, including a supply chain worm that persists in developer toolchain configs, an abuse of shell built-ins to bypass Cursor's comm…

02:10
2026-06-17
github.com
ai-tools

Multiple mastra NPM packages compromised

The StepSecurity Threat Intelligence Team has identified that multiple @mastra npm packages have been compromised. The security breach was disclosed in a GitHub issue on the mastra-ai/mastra repositor…

05:05
2026-06-09
infoworld.com
ai-safety

Meet Hades: The malware that lies to AI security agents

Security researchers at StepSecurity have discovered the Hades Campaign, a sophisticated supply chain malware targeting Python developer environments that uses the Bun toolkit to execute multi-layer p…

10:00
2026-06-05
safedep.io
ai-agents

Miasma Worm Targets AI Coding Agents via GitHub Repos

On June 3, 2026, attackers pushed malicious commits to the GitHub repository `icflorescu/mantine-datatable` and four sibling repos, planting a 4.3 MB payload from the Miasma worm family. The commit ad…

// co-occurs with top 8 entities