Freshly out on the Datadog Engineering blog!
From single pull requests to full software packages: Detecting malicious code at scale
www.datadoghq.com/blog/enginee...
When an AI agent came knocking: Catching malicious contributions in Datadog’s open source repos
www.datadoghq.com/blog/enginee...
Fresh and active AWS phishing campaign with 3 main domains:
cloud-recovery[.]us
cloud-recovery[.]net
aws[.]cloud-recovery[.]us
... with hands-on-keyboard activity 20 minutes after credentials are submitted
github.com/jqwik-team/j... 🤔
If you're using VSCode or Cursor, this is a pretty solid extension to have in your toolbox!
Yesterday, a threat actor compromised 2 versions of the LiteLLM Python package (40k stars, 3M+ weekly downloads). The malicious versions had 120k downloads before being taken down
Full write-up: securitylabs.datadoghq.com/articles/lit...
Timeline (h/t @ramimac.me): ramimac.me/trivy-teampcp/
Datadog scaled malicious code detection from pull requests to dependency packages using stacked LLM evaluations and agentic investigation.
I wrote up an analysis of the Axios compromise: securitylabs.datadoghq.com/articles/axi...
Crazy how while researchers were filing issues to report the compromise, the attacker was deleting them in real time using the maintainer's GitHub access!
Datadog Security Labs
I asked Claude (Opus 4.6) and Codex (GPT-5.3) to each generate a simple LinkedList implementation in Java.
Then I asked Claude to pick the better one. No hesitation: "The Codex version is better" 🤔
gist.github.com/christophetd...
Christophe Tafani-Dereeper
Behind the console: Active phishing campaign targeting AWS console credentials
securitylabs.datadoghq.com/articles/beh...
IDE-SHEPHERD is a new open source project to identify malicious VSCode and Cursor extensions at runtime
Announcement: securitylabs.datadoghq.com/articles/ide...
GitHub: github.com/DataDog/IDE-...
LiteLLM compromised on PyPI: Tracing the March 2026 TeamPCP supply chain campaign
securitylabs.datadoghq.com/articles/lit...
Datadog Security Research identified an active adversary-in-the-middle (AiTM) phishing campaign targeting AWS Console credentials via typosquatted domains that mimic AWS infrastructure.
IDE-SHEPHERD is an open-source IDE security extension that provides real-time monitoring and protection for VS Code and Cursor. It intercepts malicious process executions, monitors network activity, a...