Xygeni Blog

Must-Read Posts

open-source packages

Protecting Against Open Source Malicious Packages: What Does (Not) Work

Malicious Packages 5

Anatomy of Malicious Packages: What Are the Trends?

Open Source Malicious Packages: The Problem

XZ Backdoor Attack

XZ Backdoor: “That was a close one”

what is cve in cyber security - cve security - cve in cyber security

Open-Source Security

CVE Security Under Pressure: Navigating Challenges and Strengthening Vulnerability Management in DevSecOps

September 10, 2025

application security audit - open source audit - open source audit software - open source software audit - open source security audit tools

Open-Source Security

How to Build an Application Security Audit Program That Works: A Practical Guide for DevSecOps

September 9, 2025

terraform software -terraform security - terraform iac

IaC

Terraform Software: Key FAQs

September 9, 2025

Attacks Analysis

MITRE ATT&CK Framework Explained for Developers

September 2, 2025

jumping shell - bin/bash - escape restricted shell

CI CD Security

Jumping Shell: How Attackers Escape Restricted Shells to /bin/bash

August 29, 2025

package-lock.json - package lock json - npm typosquatting

CI CD Security

Package-Lock.json Typo: How It Can Hijack Your Build

August 29, 2025

python try catch - try catch python - try catch block

CI CD Security

Python Try Catch Blocks: When Error Handling Becomes a Risk

August 29, 2025

docker-compose.yml - docker-compose secrets

Secrets Security

Why Docker-compose.yml Is a Security Risk Surface?

August 28, 2025

JavaScript Obfuscator - JavaScript deobfuscator - JavaScript malware

CI CD Security

Why JavaScript Obfuscator Tools Are Abused by Attackers (And How to Detect Them)

August 28, 2025

attack surface management - attack surface -external attack surface management

ASPM

Attack Surface Management in DevSecOps

August 28, 2025

CISA SBOM - SBOM Minimum Elements - SBOM standards - software risk management

Open-Source Security

CISA SBOM 2025: Updates, Standards, and Compliance

August 27, 2025

AI Automated Vulnerability Remediation - code autofix - application security automation - automated application security testing

Code Security

AI Automated Vulnerability Remediation: Black Hat Replay

August 27, 2025