@safetycli.bsky.social
Big shout out to @anthropic.com for their recent $1.5m donation to the @python.org Foundation to help secure the @pypi.org ecosystem. Great stuff!
pyfound.blogspot.com/2025/12/anth...
pyfound.blogspot.com/2025/12/anth...
Anthropic invests $1.5 million in the Python Software Foundation and open source security
pyfound.blogspot.com
January 19, 2026 at 3:33 AM
Big shout out to @anthropic.com for their recent $1.5m donation to the @python.org Foundation to help secure the @pypi.org ecosystem. Great stuff!
pyfound.blogspot.com/2025/12/anth...
pyfound.blogspot.com/2025/12/anth...
Do you use @polymarket.bsky.social or integrate with their platform? If so, watch out as threat actors are targeting their users with a malicious NPM package: polymarket-clob. Read more here: getsafety.com/blog-posts/p...
Malicious NPM package targets Polymarket crypto ecosystem
A malicious npm package disguised as a Polymarket trading library that silently steals cryptocurrency wallet files and private keys to drain victims cryptocurrencies
getsafety.com
January 7, 2026 at 2:48 AM
Do you use @polymarket.bsky.social or integrate with their platform? If so, watch out as threat actors are targeting their users with a malicious NPM package: polymarket-clob. Read more here: getsafety.com/blog-posts/p...
The Safety research team just dropped a killer blog post where we identify eleven malicious NPM packages that are part of the latest Shai-hulud worm campaign. Check it out at getsafety.com/blog-posts/s...
Shai-Hulud 3.0: A Confusing Iteration To The Worm
Shai-hulud part III:
getsafety.com
January 5, 2026 at 2:14 AM
The Safety research team just dropped a killer blog post where we identify eleven malicious NPM packages that are part of the latest Shai-hulud worm campaign. Check it out at getsafety.com/blog-posts/s...
The Safety research team has identified a new NPM based malware we are calling "Integrator-Filescrypt". This campaign uses a unique "cloaking" technique to hide from researchers and cloud providers. It's sneaky & very effective. Read more on our blog: www.getsafety.com/blog-posts/n...
NPM Malware Uses “Cloaking” Technology to Target StandX and Uniswap Users
A NPM malware campaign “Integrator-Filescrypt
www.getsafety.com
November 18, 2025 at 11:56 PM
The Safety research team has identified a new NPM based malware we are calling "Integrator-Filescrypt". This campaign uses a unique "cloaking" technique to hide from researchers and cloud providers. It's sneaky & very effective. Read more on our blog: www.getsafety.com/blog-posts/n...