Contextualize Prioritize and ACT ON RISK
Login
Get Access
Demo

blog

Infosecurity Europe 2024: What a great event to reconnect with friends, community, sign books

Infosec europe singing

Wow, Infosec Europe was already there a month ago! Let’s take a break from all the Crowdstrike noise!

Infosecurity Europe 2024 in London was a great event; we had one of the busiest booths in the innovation zone with Phoenix Security | ASPM. We succeeded because we provided a platform to connect with the cybersecurity community, share our expertise, and celebrate community achievement. The book signing and the two talks on threat intelligence and initiatives underscored our commitment to community engagement and innovation in Application Security Posture Management (ASPM) and vulnerability management.

Celebrating Community Engagement

Honoured that Phoenix Security was a Finalist: Being selected as a finalist in the Most Innovative Cyber SME Competition was a significant milestone for us. This recognition highlights our relentless pursuit of cybersecurity innovation and solidifies our reputation as a leading player in the industry.

Charity Over Swag: In a move that resonated deeply with attendees, we adopted a “No Swag, No Problem” policy. Instead of distributing promotional items, we invited visitors to choose a charity for Phoenix Security to support.

This initiative allowed us to give back to the community and make a positive impact, aligning with our values of corporate responsibility and social good.

Despite the offer, we got little traction on this. 🙁 But socks made of bamboo and other recycled materials enabled us to keep the impact low

Book Signing Event: A Highlight of Infosecurity Europe

Our book signing event was one of the most anticipated activities at Infosecurity Europe. Featuring two prominent authors in the cybersecurity field, the event attracted a large crowd of enthusiasts and professionals eager to gain insights and get their copies signed.

Had the pleasure and honour to share toughts with some of the leaders featured in New York

It was great to present

It was a great event all around, and it was a pleasure to connect with all of you next year!

Great meeting all of you

Picture of Francesco Cipollone

Francesco Cipollone

Francesco is an internationally renowned public speaker, with multiple interviews in high-profile publications (eg. Forbes), and an author of numerous books and articles, who utilises his platform to evangelize the importance of Cloud security and cutting-edge technologies on a global scale.
21st July 2024
Francesco is an internationally renowned public speaker, with multiple interviews in high-profile publications (eg. Forbes), and an author of numerous books and articles, who utilises his platform to evangelize the importance of Cloud security and cutting-edge technologies on a global scale.

Discuss this blog with our community on Slack

Join our AppSec Phoenix community on Slack to discuss this blog and other news with our professional security team

Join Slack community
Linkedin-in Youtube Facebook-f Twitter Instagram

From our Blog

  • 24th June 2026

Close the Tap, Burn the Backlog: The Control Framework Behind Agentic SDLC Security

Francesco Cipollone
Dark navy infographic depicting an npm dependency node tree. A single node labelled "easy-day-js" is cracked open to reveal a red-orange payload interior, with a Fiery Sunset gradient contamination line tracing upward through @mastra parent packages. Text overlay reads "144 PACKAGES. ZERO CVE. YOUR INSTALL RAN THE RAT." Phoenix Security logo top-right.
  • 17th June 2026

easy-day-js / EASY_DAY_JS_MASTRA_2026: Typosquatted Dependency Delivers Cross-Platform RAT to 144 npm Packages

A typosquatted npm dependency called easy-day-js — an exact metadata clone of the legitimate dayjs library — was injected across 144 @mastra packages in an 88-minute automated publishing window, reaching over 1.1 million weekly downloads. The second-stage payload is a cross-platform RAT that installs OS-level persistence on Windows, macOS, and Linux and targets LLM API keys, cloud credentials, and 166 cryptocurrency wallet extensions. No CVE was assigned; every CVE-based scanner was blind during active exploitation.
Sarah Mitchell
Blue Shield supply chain firewall: a luminous blue shield intercepts a compromised npm dependency node in a package graph, blocking the install path before malicious code reaches the agent, workstation, or CI/CD pipeline.
  • 17th June 2026

The supply chain is under sustained attack. Phoenix Security launches Blue Shield to close the door

Phoenix Security has launched Blue Shield, a behavioural supply chain firewall that blocks malicious packages and AI agent skills at the point of install — across the developer workstation, CI/CD pipeline, and agent session. Built on the Phoenix Blue intelligence backbone, which has tracked 59 campaigns and 657 malicious package versions since June 2024 with zero CVEs assigned during active exploitation, Blue Shield’s free core tier is open today at phxintel.security
Francesco Cipollone
  • 10th June 2026

Miasma. The Worm That Lives Inside Your AI Tools

TeamPCP (UNC6780) released Miasma in June 2026: a self-spreading worm that injects itself into the SessionStart hooks of 13 AI coding tools including Claude Code, GitHub Copilot, and Gemini CLI. It forges SLSA provenance signatures to pass npm audit checks, uses GitHub itself as a command-and-control channel, and carries a DEADMAN_SWITCH that wipes developer machines if tokens are revoked before network isolation. Zero CVEs assigned. Every standard scanner returns clean.
Francesco Cipollone
  • 10th June 2026

Miasma Worm Reaches Microsoft Azure and PyPI: 73 Repositories Disabled, Hades Wave Drops 37 Malicious Python Wheels

The Miasma worm crossed two new boundaries in 48 hours: GitHub’s automated enforcement disabled 73 Microsoft repositories in 105 seconds after AI coding agent hooks were planted in Azure/durabletask, then 37 malicious PyPI wheels hit 19 packages with .pth startup hooks that steal credentials on every Python invocation. 448 total artifacts tracked. Zero CVEs assigned across the entire campaign.
Marcus Webb

3 critical zero-days. 1 exploit chain. Claude Code. Phoenix Security found what Anthropic missed →

Derek

Derek Fisher

Linkedin

Head of product security at a global fintech

Derek Fisher – Head of product security at a global fintech. Speaker, instructor, and author in application security.

Derek is an award winning author of a children’s book series in cybersecurity as well as the author of “The Application Security Handbook.” He is a university instructor at Temple University where he teaches software development security to undergraduate and graduate students. He is a speaker on topics in the cybersecurity space and has led teams, large and small, at organizations in the healthcare and financial industries. He has built and matured information security teams as well as implemented organizational information security strategies to reduce the organizations risk.

Derek got his start in the hardware engineering space where he learned about designing circuits and building assemblies for commercial and military applications. He later pursued a computer science degree in order to advance a career in software development. This is where Derek was introduced to cybersecurity and soon caught the bug. He found a mentor to help him grow in cybersecurity and then pursued a graduate degree in the subject.

Since then Derek has worked in the product security space as an architect and leader. He has led teams to deliver more secure software in organizations from multiple industries. His focus has been to raise the security awareness of the engineering organization while maintaining a practice of secure code development, delivery, and operations.

In his role, Jeevan handles a range of tasks, from architecting security solutions to collaborating with Engineering Leadership to address security vulnerabilities at scale and embed security into the fabric of the organization.

Jeevan Singh

Jeevan Singh

Linkedin

Founder of Manicode Security

Jeevan Singh is the Director of Security Engineering at Rippling, with a background spanning various Engineering and Security leadership roles over the course of his career. He’s dedicated to the integration of security practices into software development, working to create a security-aware culture within organizations and imparting security best practices to the team.
In his role, Jeevan handles a range of tasks, from architecting security solutions to collaborating with Engineering Leadership to address security vulnerabilities at scale and embed security into the fabric of the organization.

James

James Berthoty

Linkedin

Founder of Latio Tech

James Berthoty has over ten years of experience across product and security domains. He founded Latio Tech to help companies find the right security tools for their needs without vendor bias.

christophe

Christophe Parisel

Linkedin

Senior Cloud Security Architect

Senior Cloud Security Architect

Chris

Chris Romeo

Linkedin

Co-Founder
Security Journey

Chris Romeo is a leading voice and thinker in application security, threat modeling, and security champions and the CEO of Devici and General Partner at Kerr Ventures. Chris hosts the award-winning “Application Security Podcast,” “The Security Table,” and “The Threat Modeling Podcast” and is a highly rated industry speaker and trainer, featured at the RSA Conference, the AppSec Village @ DefCon, OWASP Global AppSec, ISC2 Security Congress, InfoSec World and All Day DevOps. Chris founded Security Journey, a security education company, leading to an exit in 2022. Chris was the Chief Security Advocate at Cisco, spreading security knowledge through education and champion programs. Chris has twenty-six years of security experience, holding positions across the gamut, including application security, security engineering, incident response, and various Executive roles. Chris holds the CISSP and CSSLP certifications.

jim

Jim Manico

Linkedin

Founder of Manicode Security

Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. Jim is also the founder of Brakeman Security, Inc. and an investor/advisor for Signal Sciences. He is the author of Iron-Clad Java: Building Secure Web Applications (McGraw-Hill), a frequent speaker on secure software practices, and a member of the JavaOne Rockstar speaker community. Jim is also a volunteer for and former board member of the OWASP foundation.

Join our Mailing list!

Get all the latest news, exclusive deals, and feature updates.

The IKIGAI concept
Protected By
Shield Security PRO