Endor Labs
@endorlabs.bsky.social
At Endor Labs, we've created the first open source dependency lifecycle management platform to help OSS consumers select, secure and maintain dependencies effectively.
Shai Hulud’s latest wave shows cross-ecosystem spread: an infected posthog-node package was rebundled as a Java archive and pushed to Maven Central via mvnpm.
Version 4.18.1 is removed, and other rebundles appear clean.
Key point: malware is now moving between ecosystems automatically.
Version 4.18.1 is removed, and other rebundles appear clean.
Key point: malware is now moving between ecosystems automatically.
November 26, 2025 at 4:10 PM
Shai Hulud’s latest wave shows cross-ecosystem spread: an infected posthog-node package was rebundled as a Java archive and pushed to Maven Central via mvnpm.
Version 4.18.1 is removed, and other rebundles appear clean.
Key point: malware is now moving between ecosystems automatically.
Version 4.18.1 is removed, and other rebundles appear clean.
Key point: malware is now moving between ecosystems automatically.
Shai-Hulud shows how fast npm worms can move through packages, CI workflows, and maintainer accounts. Shared code speeds development, and expands the impact of compromised creds.
Full breakdown from Robert Haynes:
www.endorlabs.com/learn/unders...
#ShaiHulud #Malware
Full breakdown from Robert Haynes:
www.endorlabs.com/learn/unders...
#ShaiHulud #Malware
November 25, 2025 at 10:23 PM
Shai-Hulud shows how fast npm worms can move through packages, CI workflows, and maintainer accounts. Shared code speeds development, and expands the impact of compromised creds.
Full breakdown from Robert Haynes:
www.endorlabs.com/learn/unders...
#ShaiHulud #Malware
Full breakdown from Robert Haynes:
www.endorlabs.com/learn/unders...
#ShaiHulud #Malware
A new Shai-Hulud variant just escalated from stealing credentials to attempting to wipe the entire home directory when exfiltration fails.
If you use npm: audit your packages, remove bad versions, rotate tokens, and inspect every workflow.
www.endorlabs.com/learn/shai-h...
#ShaiHulud #malware
If you use npm: audit your packages, remove bad versions, rotate tokens, and inspect every workflow.
www.endorlabs.com/learn/shai-h...
#ShaiHulud #malware
Shai-Hulud 2 Malware Campaign Targets GitHub and Cloud Credentials Using Bun Runtime | Blog | Endor Labs
Analysis of Shai-Hulud 2, a new npm supply chain attack using Bun for execution, credential theft, and CI/CD propagation, with mitigation guidance.
www.endorlabs.com
November 24, 2025 at 6:05 PM
A new Shai-Hulud variant just escalated from stealing credentials to attempting to wipe the entire home directory when exfiltration fails.
If you use npm: audit your packages, remove bad versions, rotate tokens, and inspect every workflow.
www.endorlabs.com/learn/shai-h...
#ShaiHulud #malware
If you use npm: audit your packages, remove bad versions, rotate tokens, and inspect every workflow.
www.endorlabs.com/learn/shai-h...
#ShaiHulud #malware
Reposted by Endor Labs
Wednesday was a double dose of baseball! ⚾
From Braves vs. White Sox in Atlanta to Cubs vs. Brewers in Chicago, we had a great time enjoying the games with our partners at @endorlabs.bsky.social
A big thank you to everyone who joined us!
#AppSec #DevOps
From Braves vs. White Sox in Atlanta to Cubs vs. Brewers in Chicago, we had a great time enjoying the games with our partners at @endorlabs.bsky.social
A big thank you to everyone who joined us!
#AppSec #DevOps
August 21, 2025 at 8:52 PM
Wednesday was a double dose of baseball! ⚾
From Braves vs. White Sox in Atlanta to Cubs vs. Brewers in Chicago, we had a great time enjoying the games with our partners at @endorlabs.bsky.social
A big thank you to everyone who joined us!
#AppSec #DevOps
From Braves vs. White Sox in Atlanta to Cubs vs. Brewers in Chicago, we had a great time enjoying the games with our partners at @endorlabs.bsky.social
A big thank you to everyone who joined us!
#AppSec #DevOps
Reposted by Endor Labs
The @endorlabs.bsky.social + @stackhawk.bsky.social
integration connects SAST + DAST for one correlated finding.
Less noise. Real context. Faster fixes.
🔗 www.stackhawk.com/blog/endor-l...
integration connects SAST + DAST for one correlated finding.
Less noise. Real context. Faster fixes.
🔗 www.stackhawk.com/blog/endor-l...
November 20, 2025 at 9:06 PM
The @endorlabs.bsky.social + @stackhawk.bsky.social
integration connects SAST + DAST for one correlated finding.
Less noise. Real context. Faster fixes.
🔗 www.stackhawk.com/blog/endor-l...
integration connects SAST + DAST for one correlated finding.
Less noise. Real context. Faster fixes.
🔗 www.stackhawk.com/blog/endor-l...
Endor Labs’ 2025 State of Dependency Management report is live!
-49% of dependencies imported by AI agents had known vulns.
-34% didn’t exist at all.
-Only 1 in 5 was safe.
www.endorlabs.com/lp/state-of-...
#MCP #AIAgents #DMR2025
-49% of dependencies imported by AI agents had known vulns.
-34% didn’t exist at all.
-Only 1 in 5 was safe.
www.endorlabs.com/lp/state-of-...
#MCP #AIAgents #DMR2025
November 4, 2025 at 2:37 PM
Endor Labs’ 2025 State of Dependency Management report is live!
-49% of dependencies imported by AI agents had known vulns.
-34% didn’t exist at all.
-Only 1 in 5 was safe.
www.endorlabs.com/lp/state-of-...
#MCP #AIAgents #DMR2025
-49% of dependencies imported by AI agents had known vulns.
-34% didn’t exist at all.
-Only 1 in 5 was safe.
www.endorlabs.com/lp/state-of-...
#MCP #AIAgents #DMR2025
🔔 Update on the ongoing "Shai-Hulud" malware campaign
The Endor Labs security research team has identified more than 550+ packages and versions affected by the ongoing "Shai-Hulud" software supply chain attack targeting the npm registry.
www.endorlabs.com/learn/npm-ma...
The Endor Labs security research team has identified more than 550+ packages and versions affected by the ongoing "Shai-Hulud" software supply chain attack targeting the npm registry.
www.endorlabs.com/learn/npm-ma...
npm Malware Outbreak: Tinycolor and CrowdStrike Packages Compromised | Blog | Endor Labs
A virus-like npm malware attack has spread to 180+ packages so far, including CrowdStrike and Tinycolor
www.endorlabs.com
September 18, 2025 at 5:58 PM
🔔 Update on the ongoing "Shai-Hulud" malware campaign
The Endor Labs security research team has identified more than 550+ packages and versions affected by the ongoing "Shai-Hulud" software supply chain attack targeting the npm registry.
www.endorlabs.com/learn/npm-ma...
The Endor Labs security research team has identified more than 550+ packages and versions affected by the ongoing "Shai-Hulud" software supply chain attack targeting the npm registry.
www.endorlabs.com/learn/npm-ma...
AI is changing how software gets built. Today, we’re changing how it gets secured with the expansion of our application security platform and a $93M Series B to accelerate what we’re building.
More here: bit.ly/42DqUmB
#AppSec #SeriesB #EndorLabs #DevSecOps #Cybersecurity
More here: bit.ly/42DqUmB
#AppSec #SeriesB #EndorLabs #DevSecOps #Cybersecurity
April 23, 2025 at 4:11 PM
AI is changing how software gets built. Today, we’re changing how it gets secured with the expansion of our application security platform and a $93M Series B to accelerate what we’re building.
More here: bit.ly/42DqUmB
#AppSec #SeriesB #EndorLabs #DevSecOps #Cybersecurity
More here: bit.ly/42DqUmB
#AppSec #SeriesB #EndorLabs #DevSecOps #Cybersecurity
Developers are moving faster than ever with tools like GitHub Copilot.
The result?
62% of AI-generated code has flaws
Nearly 30% contains known security weaknesses
Next week, we’re announcing a new way for AppSec teams to understand what’s changing and why it matters.
#AppSec #AI #LLM #DevSecOps
The result?
62% of AI-generated code has flaws
Nearly 30% contains known security weaknesses
Next week, we’re announcing a new way for AppSec teams to understand what’s changing and why it matters.
#AppSec #AI #LLM #DevSecOps
April 17, 2025 at 7:50 PM
Developers are moving faster than ever with tools like GitHub Copilot.
The result?
62% of AI-generated code has flaws
Nearly 30% contains known security weaknesses
Next week, we’re announcing a new way for AppSec teams to understand what’s changing and why it matters.
#AppSec #AI #LLM #DevSecOps
The result?
62% of AI-generated code has flaws
Nearly 30% contains known security weaknesses
Next week, we’re announcing a new way for AppSec teams to understand what’s changing and why it matters.
#AppSec #AI #LLM #DevSecOps
OWASP OSS Risk 2: Explore the compromise of legitimate open-source packages, with an in-depth case study of the tj-actions/changed-files GitHub Action supply chain attack.
www.endorlabs.com/learn/owasp-...
#OSSRisk #OWASPOSSRisk #tjactions
www.endorlabs.com/learn/owasp-...
#OSSRisk #OWASPOSSRisk #tjactions
OWASP OSS Risk 2: Compromise of Legitimate Package | Blog | Endor Labs
OWASP OSS Risk 2: Explore the compromise of legitimate open-source packages, with an in-depth case study of the tj-actions/changed-files GitHub Action supply chain attack.
www.endorlabs.com
April 8, 2025 at 3:15 PM
OWASP OSS Risk 2: Explore the compromise of legitimate open-source packages, with an in-depth case study of the tj-actions/changed-files GitHub Action supply chain attack.
www.endorlabs.com/learn/owasp-...
#OSSRisk #OWASPOSSRisk #tjactions
www.endorlabs.com/learn/owasp-...
#OSSRisk #OWASPOSSRisk #tjactions
Attackers compromised tj-actions/changed-files, used by 23,000+ repos, injecting malicious code to steal CI/CD secrets.
What you need to know and how to mitigate:
www.endorlabs.com/learn/github...
What you need to know and how to mitigate:
www.endorlabs.com/learn/github...
GitHub Action tj-actions/changed-files supply chain attack: what you need to know | Blog | Endor Labs
GitHub Action tj-actions/changed-files was compromised, exposing CI/CD secrets. Learn how this attack impacts repositories and what steps to take now.
www.endorlabs.com
March 16, 2025 at 12:41 AM
Attackers compromised tj-actions/changed-files, used by 23,000+ repos, injecting malicious code to steal CI/CD secrets.
What you need to know and how to mitigate:
www.endorlabs.com/learn/github...
What you need to know and how to mitigate:
www.endorlabs.com/learn/github...
Less than 9.5% of vulnerabilities are actually exploitable, but FedRAMP ConMon requires fixing everything.
With Endor Labs, you can:
- Prove false positives to your 3PAO
- Correlate SCA & container scans
- Patch vulnerabilities 6.2x faster with Endor Patches
www.endorlabs.com/landing-page...
With Endor Labs, you can:
- Prove false positives to your 3PAO
- Correlate SCA & container scans
- Patch vulnerabilities 6.2x faster with Endor Patches
www.endorlabs.com/landing-page...
March 15, 2025 at 12:01 AM
Less than 9.5% of vulnerabilities are actually exploitable, but FedRAMP ConMon requires fixing everything.
With Endor Labs, you can:
- Prove false positives to your 3PAO
- Correlate SCA & container scans
- Patch vulnerabilities 6.2x faster with Endor Patches
www.endorlabs.com/landing-page...
With Endor Labs, you can:
- Prove false positives to your 3PAO
- Correlate SCA & container scans
- Patch vulnerabilities 6.2x faster with Endor Patches
www.endorlabs.com/landing-page...
The latest CISO guide from The Hacker News makes it clear - EU AI Act, ISO 42001, and NIST AI RMF all require it.
But inventory is just the start. You also need to enforce AI policies. Endor Labs can help you there.
About CLEAR framework:
thehackernews.com/2025/02/how-...
#AI #AppSec #DevSecOps
But inventory is just the start. You also need to enforce AI policies. Endor Labs can help you there.
About CLEAR framework:
thehackernews.com/2025/02/how-...
#AI #AppSec #DevSecOps
February 18, 2025 at 6:53 PM
The latest CISO guide from The Hacker News makes it clear - EU AI Act, ISO 42001, and NIST AI RMF all require it.
But inventory is just the start. You also need to enforce AI policies. Endor Labs can help you there.
About CLEAR framework:
thehackernews.com/2025/02/how-...
#AI #AppSec #DevSecOps
But inventory is just the start. You also need to enforce AI policies. Endor Labs can help you there.
About CLEAR framework:
thehackernews.com/2025/02/how-...
#AI #AppSec #DevSecOps
Endor Labs ❤️ GitHub
Context switching is a productivity killer. Developers live on GitHub, so #AppSec should too.
With Endor Labs Reachability-based SCA now integrated into GHAS, teams can get best-in-class application security, all in one place.
github.blog/security/fro...
Context switching is a productivity killer. Developers live on GitHub, so #AppSec should too.
With Endor Labs Reachability-based SCA now integrated into GHAS, teams can get best-in-class application security, all in one place.
github.blog/security/fro...
February 10, 2025 at 7:23 PM
Endor Labs ❤️ GitHub
Context switching is a productivity killer. Developers live on GitHub, so #AppSec should too.
With Endor Labs Reachability-based SCA now integrated into GHAS, teams can get best-in-class application security, all in one place.
github.blog/security/fro...
Context switching is a productivity killer. Developers live on GitHub, so #AppSec should too.
With Endor Labs Reachability-based SCA now integrated into GHAS, teams can get best-in-class application security, all in one place.
github.blog/security/fro...
DeepSeek R1 is the latest open source AI model to generate a lot of buzz. Developers are trying it out, and AppSec teams may be wondering about risks.
Endor Labs can give AppSec teams data and tools to make and enforce decisions about acceptable AI risk from DeepSeek R1.
#DeepSeek #AIModels #SCA
Endor Labs can give AppSec teams data and tools to make and enforce decisions about acceptable AI risk from DeepSeek R1.
#DeepSeek #AIModels #SCA
January 29, 2025 at 4:27 PM
On Dec 13, Semgrep's license changes limited access to key security tools and community rules. Enter Opengrep: a fully open source, drop-in replacement backed by 10+ security companies.
Key benefits: no paywalls, community rules accessible, foundation governance, and easy migration!
Key benefits: no paywalls, community rules accessible, foundation governance, and easy migration!
January 23, 2025 at 7:48 PM
On Dec 13, Semgrep's license changes limited access to key security tools and community rules. Enter Opengrep: a fully open source, drop-in replacement backed by 10+ security companies.
Key benefits: no paywalls, community rules accessible, foundation governance, and easy migration!
Key benefits: no paywalls, community rules accessible, foundation governance, and easy migration!
Curious to know—how often do AppSec and CloudSec work together? Share your thoughts in the comments!
a) Often, we're the same team!
b) Sometimes, depending on work
c) Lol, who?
a) Often, we're the same team!
b) Sometimes, depending on work
c) Lol, who?
November 26, 2024 at 4:57 PM
Curious to know—how often do AppSec and CloudSec work together? Share your thoughts in the comments!
a) Often, we're the same team!
b) Sometimes, depending on work
c) Lol, who?
a) Often, we're the same team!
b) Sometimes, depending on work
c) Lol, who?
Big news! 🎉 Microsoft has natively integrated our advanced SCA within Defender for Cloud. Our integration is in Public Preview and available to try now!
www.endorlabs.com/learn/micros...
www.endorlabs.com/learn/micros...
November 20, 2024 at 6:18 PM
Big news! 🎉 Microsoft has natively integrated our advanced SCA within Defender for Cloud. Our integration is in Public Preview and available to try now!
www.endorlabs.com/learn/micros...
www.endorlabs.com/learn/micros...