When an AI agent came knocking: Catching malicious contributions in Datadog’s open source repos
www.datadoghq.com/blog/enginee...
Freshly out on the Datadog Engineering blog!
From single pull requests to full software packages: Detecting malicious code at scale www.datadoghq.com/blog/enginee...
I wrote up an analysis of the Axios compromise: securitylabs.datadoghq.com/articles/axi...
Crazy how while researchers were filing issues to report the compromise, the attacker was deleting them in real time using the maintainer's GitHub access!
My Claude credits today, seeing me try Fable 5
github.com/jqwik-team/j... 🤔
Fresh and active AWS phishing campaign with 3 main domains:
cloud-recovery[.]us
cloud-recovery[.]net
aws[.]cloud-recovery[.]us
... with hands-on-keyboard activity 20 minutes after credentials are submitted
Yesterday, a threat actor compromised 2 versions of the LiteLLM Python package (40k stars, 3M+ weekly downloads). The malicious versions had 120k downloads before being taken down
Full write-up: securitylabs.datadoghq.com/articles/lit...
Timeline (h/t @ramimac.me): ramimac.me/trivy-teampcp/
I asked Claude (Opus 4.6) and Codex (GPT-5.3) to each generate a simple LinkedList implementation in Java.
Then I asked Claude to pick the better one. No hesitation: "The Codex version is better" 🤔
gist.github.com/christophetd...
If you're using VSCode or Cursor, this is a pretty solid extension to have in your toolbox!
Behind the console: Active phishing campaign targeting AWS console credentials
securitylabs.datadoghq.com/articles/beh...
IDE-SHEPHERD is a new open source project to identify malicious VSCode and Cursor extensions at runtime
Announcement: securitylabs.datadoghq.com/articles/ide...
GitHub: github.com/DataDog/IDE-...
LiteLLM compromised on PyPI: Tracing the March 2026 TeamPCP supply chain campaign
securitylabs.datadoghq.com/articles/lit...
Datadog Security Labs
IDE-SHEPHERD is an open-source IDE security extension that provides real-time monitoring and protection for VS Code and Cursor. It intercepts malicious process executions, monitors network activity, a...
Datadog Security Research identified an active adversary-in-the-middle (AiTM) phishing campaign targeting AWS Console credentials via typosquatted domains that mimic AWS infrastructure.