Contextualize Prioritize and ACT ON RISK
Login
Get Access
Demo

Resources

Cyber Risk
Defenders Club Resources

Discover the latest events, conferences, research from the Phoenix Security team, and collaborative papers from the Cyber Risk Defender Club members.
Download all the whitepaper data sheets and conference material.
It’s time to build better Application Security and Cloud Security programs together

Start Guide

double arrow

Quick Start

icon

Integration Guide

icon

Integrations

icon

Manage Application

icon

Vulnerability Page

Dashboard

JOIN the CYBER RISK
DEFENDERS CLUB today

avatar

Join Phoenix Security Community

Exchange Material and get up to speed with the latest application security trends

avatar
Join our community here
avatar

White Papers​

Books-whitepaper-covers

SLA are dead long live SLA – Data driven approach on Vulnerabilities

Download
Books-whitepaper-covers

Building Resilient Application and cloud security programs 

Download
Books-whitepaper-covers

NIS2 Regulation – Impact on Vulnerability Management

Download
Books-whitepaper-covers

Vulnerability maturity model and how to implement application security and vulnerability management at scale 

Download
Dora-Books

DORA 2 Upcoming regulation on Critical resilience for Banking and Fintech 

Download
Books-whitepaper-covers

Building Application & Cloud security programs 

Download
Books-whitepaper-covers

Vulnerability Management at scale & the power of context-based prioritization

Download

Data explorers

owasp preview
Explore OWASP Vulnerability Intelligence
CWE
Explore CWE Vulnerability Intelligence
cisa top exploited vulenrabilities CISA KEV vulnerabilities used in ransomware for vulnerability management and application security program ransomware cwe
Explore CISA KEV Vulnerability Intelligence
Exploitability
Explore Exploitability Vulnerability Intelligence

Data Sheet and Reference materials

whitepaper_Dark

Tech-sheet

Download
Datasheet

Datasheet

Download
e-book

E-book

Download
video tour

Getting started video tour

Watch the video

From our Blog

devsecops, ASPM, vulnerability management, application security, exposure management, reachability analysis, attack surface management, npm supply chain, account takeover, TeamPCP, Mini Shai-Hulud, atool, AntV, jest-canvas-mock, echarts-for-react, Runner.Worker memory scraping, zero-CVE supply chain, CI/CD credential theft, bun runtime, t.m-kosche.com, SBOM
  • 25th May 2026

TrapDoor Supply Chain Campaign: Cross-Ecosystem Credential Theft and AI Assistant Poisoning via npm, PyPI, and Crates.io

TrapDoor is an active supply chain campaign hitting npm, PyPI, and Crates.io simultaneously — 34 malicious packages, 384 artifact versions, confirmed since May 19, 2026. The campaign steals SSH keys, AWS credentials, GitHub tokens, and crypto wallet keystores, while silently poisoning AI coding assistants through hidden zero-width Unicode injected into .cursorrules and CLAUDE.md files. Zero CVEs assigned. Standard scanners return zero findings.
Francesco Cipollone
devsecops, ASPM, vulnerability management, application security, exposure management, reachability analysis, attack surface management, npm supply chain, account takeover, TeamPCP, Mini Shai-Hulud, atool, AntV, jest-canvas-mock, echarts-for-react, Runner.Worker memory scraping, zero-CVE supply chain, CI/CD credential theft, bun runtime, t.m-kosche.com, SBOM
  • 25th May 2026

Laravel Lang Composer supply chain compromise: RCE backdoor force-pushed across 700+ git tags

An attacker with push access to the Laravel-Lang GitHub organization force-rewrote 700+ git tags across 4 Composer packages on May 22, 2026, injecting an RCE backdoor that fires on every PHP application boot. No CVE was assigned — version pinning offered zero protection. The attack stole CI/CD, cloud, and Kubernetes credentials in 3.16 seconds flat.
Francesco Cipollone
devsecops, ASPM, vulnerability management, application security, exposure management, reachability analysis, attack surface management, npm supply chain, account takeover, TeamPCP, Mini Shai-Hulud, atool, AntV, jest-canvas-mock, echarts-for-react, Runner.Worker memory scraping, zero-CVE supply chain, CI/CD credential theft, bun runtime, t.m-kosche.com, SBOM
  • 22nd May 2026

MEGALODON_CI: Automated GitHub Actions Workflow Poisoning and CI/CD Credential Harvesting at Scale

MEGALODON_CI is an active zero-CVE campaign poisoning GitHub Actions workflow files across 3,500+ confirmed public repositories. Automated commits inject a base64-encoded credential harvester that exfiltrates AWS, GCP, and Azure secrets, OIDC tokens, SSH keys, and package registry credentials in a single runner execution. No CVE exists — every traditional scanner is blind to it.
Francesco Cipollone
devsecops, ASPM, vulnerability management, application security, exposure management, reachability analysis, attack surface management, npm supply chain, account takeover, TeamPCP, Mini Shai-Hulud, atool, AntV, jest-canvas-mock, echarts-for-react, Runner.Worker memory scraping, zero-CVE supply chain, CI/CD credential theft, bun runtime, t.m-kosche.com, SBOM
  • 20th May 2026

GitHub Internal Repository Breach via Poisoned VS Code Extension (May 2026): TeamPCP Exfiltrates 3,800 Repos Through the Developer Trust Surface

TeamPCP (UNC6780) breached GitHub’s internal infrastructure on May 19–20, 2026 through a poisoned VS Code extension that ran silently on a developer’s endpoint and exfiltrated approximately 3,800 internal repositories. The attack produced no CVE. Standard CVE-feed scanners, SCA tools, and signed-provenance checks all missed it. This is exactly the zero-CVE developer trust surface gap Phoenix Blue Intelligence and Phoenix Blue Shield are built to close.
Francesco Cipollone
devsecops, ASPM, vulnerability management, application security, exposure management, reachability analysis, attack surface management, npm supply chain, account takeover, TeamPCP, Mini Shai-Hulud, atool, AntV, jest-canvas-mock, echarts-for-react, Runner.Worker memory scraping, zero-CVE supply chain, CI/CD credential theft, bun runtime, t.m-kosche.com, SBOM
  • 20th May 2026

TeamPCP Wave Four: GitHub Breach via Poisoned VS Code Extension, durabletask PyPI Worm, and ~4,000 Internal Repositories Exfiltrated

TeamPCP’s Mini Shai-Hulud worm hit GitHub and PyPI simultaneously on May 19–20, 2026. Three backdoored versions of durabletask — Microsoft’s Azure Python SDK with 417,000 monthly downloads — were published and yanked within hours. A poisoned VS Code extension on a GitHub employee device led to the exfiltration of ~3,800 internal repositories, now listed for sale at $50,000. Zero CVEs exist across the entire nine-week campaign. Traditional scanners have no record of any of it.
Francesco Cipollone
devsecops, ASPM, application security, vulnerability management, exposure management, reachability analysis, attack surface management, supply chain attack, npm malware, PyPI malware, TanStack supply chain attack, OpenAI Mini Shai-Hulud, Mistral AI compromise, TeamPCP, FIRESCALE, BreachForums contest, Shai-Hulud, Mini Shai-Hulud, Phantom Bot, npm typosquatting, infostealer, zero-CVE gap, malicious npm packages, supply chain copycat, code-signing certificate rotation, PHX-Neural, behavioral package scanning, nicegui PyPI
  • 18th May 2026

Mini Shai-Hulud Copycats and the TanStack Wave: OpenAI Hit, Mistral Extorted, and Four Copycat npm Packages Hit the Registry

OpenAI has disclosed two employee devices were compromised in the May 11, 2026 Mini Shai-Hulud TanStack supply chain attack, with internal source code repositories accessed and iOS, macOS, and Windows code-signing certificates rotated. Mistral AI confirmed one developer device was hit and is facing a $25,000 TeamPCP extortion demand for an alleged 5 GB source code leak. Days later, TeamPCP launched a $1,000 Monero “supply chain attack contest” on BreachForums with the Shai-Hulud worm source code attached, and OX Security disclosed the first observed copycat campaign from a new actor publishing four malicious npm packages. Phoenix Security’s PHX-Neural scanner has independently flagged a 174,659-weekly-download PyPI package (nicegui 3.12.0) with a 100/100 behavioral score and full Shai-Hulud-aligned ATT&CK coverage. This article covers the upstream TanStack wave, the named victim disclosures, the TeamPCP infrastructure aging analysis, the technical breakdown of the four copycat packages, and the PHX-Neural behavioral evidence on the adjacent PyPI signal.
Francesco Cipollone
devsecops, ASPM, application security, vulnerability management, exposure management, reachability analysis, attack surface management, supply chain attack, npm malware, Mini Shai-Hulud, SAP CAP compromise, mbt npm, Bun runtime malware, Claude Code persistence, GitHub Actions credential theft, OIDC trusted publishing, npm worm, sandworm
  • 30th April 2026

Mini Shai-Hulud: SAP CAP and mbt npm Packages Backdoored via Bun-Loaded Credential Stealer with Claude Code Persistence

A coordinated npm supply chain attack hit SAP’s Cloud Application Programming Model toolchain on April 29, 2026, branding itself “Mini Shai-Hulud.” Four packages totalling 570,000 weekly downloads were poisoned in a 2-hour window. The payload uses Bun as a runtime to evade Node.js detection, pulls 134 credential paths from infected hosts, dumps GitHub Actions runner memory, and persists through Claude Code SessionStart hooks and VS Code tasks.json folderOpen triggers. Over 1,197 victim repositories were live on GitHub within hours. Zero CVEs assigned.
Francesco Cipollone
  • 24th April 2026

Bitwarden CLI Backdoored: Shai-Hulud Returns Through a 93-Minute npm Window

Between 21:57 and 23:30 UTC on April 22, 2026, a malicious @bitwarden/cli@2026.4.0 was live on npm for 93 minutes — long enough to reach CI/CD pipelines, developer workstations, and cloud automation hosts. The payload steals credentials across GitHub, AWS, GCP, and Azure, propagates as a self-replicating npm worm, injects GitHub Actions workflow stealers, and poisons AI coding assistants by injecting an invisible manifesto into shell configuration files. This is the first documented npm supply chain attack executed through Trusted Publishing.
Francesco Cipollone
View all blog posts

Talks

View more

Quick Start

23 Videos

Video resources

View more

Quick Start

6 Videos

Community Podcast on Application Security & Cloud Security

Join us as we dive into the future of Application Security (AppSec) and Vulnerability Management with James Berthoty. Discover insights on the evolution of AppSec, challenges in managing software vulnerabilities, and the role of Application Security Posture Management (ASPM) in today’s API-driven cloud environment. Listen now for expert analysis and practical solutions in cybersecurity.

  • 28th July 2024

CSCP S4EP19 – James Berthoty – What The heck is ASPM and the evolution of Product Security

Join us as we dive into the future of Application Security (AppSec) and Vulnerability Management with James Berthoty. Discover insights on the evolution of AppSec, challenges in managing software vulnerabilities, and the role of Application Security Posture Management (ASPM) in today’s API-driven cloud environment. Listen now for expert analysis and practical solutions in cybersecurity.
CSCP S4EP18 - Marius Poskus

  • 7th July 2024

CSCP S4EP18 – Marius Poskus – Who mention about non-technical CISO – ASPM and Running application security programs from a CISO perspective

Explore the evolving landscape of application security and ASPM with Marius Poskus, VP at Glow Financial Services. Discover insights on the adoption of open-source code and AI, cultural shifts for DevSecOps, and challenges in maintaining consistent security programs. Sponsored by Phoenix Security, leaders in vulnerability management. Listen now for strategic approaches to managing application security and prioritizing critical issues to align with business goals. #Cybersecurity #AppSec #ProductSecurity #ASPM
Join cybersecurity expert Adam Shostack on the Cybersecurity and Cloud Podcast as he discusses Application Security Posture Management (ASPM), threat modeling, and proactive strategies for enhancing software security. Learn about the impact of government regulations, CISA’s approaches to vulnerability management, and balancing security with profit. Don't miss these insights to stay ahead in the cybersecurity landscape.

  • 16th June 2024

CSCP S4EP17 – Adam Shostack – Threat modelling in past and future with Adam Shostack from vulnerability to ASPM and modern application security

Join cybersecurity expert Adam Shostack on the Cybersecurity and Cloud Podcast as he discusses Application Security Posture Management (ASPM), threat modeling, and proactive strategies for enhancing software security. Learn about the impact of government regulations, CISA’s approaches to vulnerability management, and balancing security with profit. Don’t miss these insights to stay ahead in the cybersecurity landscape.
CSCP-S4EP16

  • 26th May 2024

CSCP S4EP16 – Irene Michlin – Threat Modelling in the Age of AI

“Discover the crucial role of threat modeling in application security with insights from Irene Michlin, application security lead at Neo4j. Learn how integrating developer perspectives and leveraging AI can enhance your security practices. Join the conversation on the Cybersecurity and Cloud Podcast and explore actionable strategies for robust application security. #Cybersecurity #ThreatModeling #ApplicationSecurity #AI #DevSecOps”

  • 12th May 2024

CSCP S4EP15 – Akira Brand – Singing the Tune of Application Security with Akira Brand

Delve into Application Security Program Management (ASPM) with Akira Brand on the Cybersecurity and Cloud Podcast. Discover how her unique opera background enriches her approach to security, enhancing application safety in a cloud-driven world. Tune in for expert insights on evolving AppSec to product security, the critical role of threat modeling, and strategies for building a resilient security culture.
View all podcasts

Start doing what matters today

Listen to the latest Phoenix Security  podcast

Listen to the latest Phoenix Security podcast

Read More
Guides

Get Started with Phoenix Security

Read More
News

Read the latest Phoenix Security news

Read More
Blog

Read the latest Blogs

Read More
Events

Discover our events

Read More
Talks

Explore the talks

Read More
Whitepapers

Discover Whitepapers

Read More
News

Read the latest News

Read More
Videos

Discover video resources

Learn More

Get in control

More than 1000 Users and 350 Organizations trust us

ACT Now
Request a demo
Dashboard

3 critical zero-days. 1 exploit chain. Claude Code. Phoenix Security found what Anthropic missed →

Derek

Derek Fisher

Linkedin

Head of product security at a global fintech

Derek Fisher – Head of product security at a global fintech. Speaker, instructor, and author in application security.

Derek is an award winning author of a children’s book series in cybersecurity as well as the author of “The Application Security Handbook.” He is a university instructor at Temple University where he teaches software development security to undergraduate and graduate students. He is a speaker on topics in the cybersecurity space and has led teams, large and small, at organizations in the healthcare and financial industries. He has built and matured information security teams as well as implemented organizational information security strategies to reduce the organizations risk.

Derek got his start in the hardware engineering space where he learned about designing circuits and building assemblies for commercial and military applications. He later pursued a computer science degree in order to advance a career in software development. This is where Derek was introduced to cybersecurity and soon caught the bug. He found a mentor to help him grow in cybersecurity and then pursued a graduate degree in the subject.

Since then Derek has worked in the product security space as an architect and leader. He has led teams to deliver more secure software in organizations from multiple industries. His focus has been to raise the security awareness of the engineering organization while maintaining a practice of secure code development, delivery, and operations.

In his role, Jeevan handles a range of tasks, from architecting security solutions to collaborating with Engineering Leadership to address security vulnerabilities at scale and embed security into the fabric of the organization.

Jeevan Singh

Jeevan Singh

Linkedin

Founder of Manicode Security

Jeevan Singh is the Director of Security Engineering at Rippling, with a background spanning various Engineering and Security leadership roles over the course of his career. He’s dedicated to the integration of security practices into software development, working to create a security-aware culture within organizations and imparting security best practices to the team.
In his role, Jeevan handles a range of tasks, from architecting security solutions to collaborating with Engineering Leadership to address security vulnerabilities at scale and embed security into the fabric of the organization.

James

James Berthoty

Linkedin

Founder of Latio Tech

James Berthoty has over ten years of experience across product and security domains. He founded Latio Tech to help companies find the right security tools for their needs without vendor bias.

christophe

Christophe Parisel

Linkedin

Senior Cloud Security Architect

Senior Cloud Security Architect

Chris

Chris Romeo

Linkedin

Co-Founder
Security Journey

Chris Romeo is a leading voice and thinker in application security, threat modeling, and security champions and the CEO of Devici and General Partner at Kerr Ventures. Chris hosts the award-winning “Application Security Podcast,” “The Security Table,” and “The Threat Modeling Podcast” and is a highly rated industry speaker and trainer, featured at the RSA Conference, the AppSec Village @ DefCon, OWASP Global AppSec, ISC2 Security Congress, InfoSec World and All Day DevOps. Chris founded Security Journey, a security education company, leading to an exit in 2022. Chris was the Chief Security Advocate at Cisco, spreading security knowledge through education and champion programs. Chris has twenty-six years of security experience, holding positions across the gamut, including application security, security engineering, incident response, and various Executive roles. Chris holds the CISSP and CSSLP certifications.

jim

Jim Manico

Linkedin

Founder of Manicode Security

Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. Jim is also the founder of Brakeman Security, Inc. and an investor/advisor for Signal Sciences. He is the author of Iron-Clad Java: Building Secure Web Applications (McGraw-Hill), a frequent speaker on secure software practices, and a member of the JavaOne Rockstar speaker community. Jim is also a volunteer for and former board member of the OWASP foundation.

Join our Mailing list!

Get all the latest news, exclusive deals, and feature updates.

The IKIGAI concept
Protected By
Shield Security PRO