Risk Research & Threat Insights | Koi

Featured

How We Prevented Cursor, Windsurf & Google Antigravity from Recommending Malware

Oren Yomtov

,

,

January 6, 2026

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

How We Prevented Cursor, Windsurf & Google Antigravity from Recommending Malware

Oren Yomtov

,

,

January 6, 2026

DarkSpectre: Unmasking the Threat Actor Behind 8.8 Million Infected Browsers

Tuval Admoni

,

Gal Hachamov

,

December 30, 2025

GlassWorm Goes Mac: Fresh Infrastructure, New Tricks

Gal Hachamov

,

,

December 29, 2025

Trust Wallet Compromised: Inside the Code That Stole $7M on Christmas Eve

Oren Yomtov

,

Yuval Ronen

,

December 26, 2025

NPM Package With 56K Downloads Caught Stealing WhatsApp Messages

Tuval Admoni

,

,

December 21, 2025

Inside GhostPoster: How a PNG Icon Infected 50,000 Firefox Users

Lotan Sery

,

Noga Gouldman

,

December 16, 2025

8 Million Users' AI Conversations Sold for Profit by "Privacy" Extensions

Idan Dardikman

,

,

December 15, 2025

GlassWorm Goes Native: Same Infrastructure, Hardened Delivery

Lotan Sery

,

,

December 10, 2025

The VS Code Malware That Captures Your Screen

Idan Dardikman

,

,

December 8, 2025

4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign

Tuval Admoni

,

,

December 1, 2025

Two Years, 17K Downloads: The NPM Malware That Tried to Gaslight Security Scanners

Yuval Ronen

,

,

November 30, 2025

When Claude Becomes a Cyber-Weapon: The AI Arms Race Has Begun

Idan Dardikman

,

,

November 14, 2025

GlassWorm Returns: New Wave Strikes as We Expose Attacker Infrastructure

Idan Dardikman

,

Yuval Ronen

,

Lotan Sery

November 6, 2025

PromptJacking: The Critical RCEs in Claude Desktop That Turn Questions Into Exploits

Oren Yomtov

,

,

November 5, 2025

PhantomRaven: NPM Malware Hidden in Invisible Dependencies

Oren Yomtov

,

Idan Dardikman

,

October 29, 2025

GlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace

Idan Dardikman

,

,

October 18, 2025

TigerJack's Extensions Continue to Rob Developers Blind Across Different Marketplaces

Tuval Admoni

,

,

October 13, 2025

Command Injection Flaw in Framelink Figma MCP Server Puts Nearly 1 Million Downloads at Risk

Lotan Sery

,

Idan Dardikman

,

October 10, 2025

Embracing a New Domain Name: koi.ai 🪩

Amit Assaraf

,

,

October 4, 2025

MCP Malware Wave Continues: A Remote Shell in Disguise

Tuval Admoni

,

,

September 30, 2025

First Malicious MCP in the Wild: The Postmark Backdoor That's Stealing Your Emails

Idan Dardikman

,

,

September 25, 2025

WhiteCobra's Playbook Exposed: Critical Mistake Reveals 24-Extension Campaign Targeting VS Code and Cursor

Yuval Ronen

,

,

September 13, 2025

Koi Raises $48M to Reinvent Endpoint Security for the Modern Software Stack

Amit Assaraf

,

,

September 10, 2025

The Package Poisoner: How 2.5 Billion Weekly Downloads Were Compromised in npm's Largest Supply Chain Attack

Idan Dardikman

,

Yuval Ronen

,

September 8, 2025

SpyVPN: The Google-Featured VPN That Secretly Captures Your Screen

Lotan Sery

,

,

August 19, 2025

GreedyBear: 650 Attack Tools, One Coordinated Campaign

Tuval Admoni

,

,

August 8, 2025

Amazon’s AI Assistant Almost Nuked A Million Developer’s Production Environments

Idan Dardikman

,

,

July 25, 2025

Google and Microsoft Trusted Them. 2.3 Million Users Installed Them. They Were Malware.

Idan Dardikman

,

,

July 8, 2025

When Both Marketplaces Fall: The Cross-Platform Extension Malware Campaign

Amit Assaraf

,

,

July 2, 2025

FoxyWallet: 40+ Malicious Firefox Extensions Exposed

Yuval Ronen

,

,

July 2, 2025

Marketplace Takeover: How We Could’ve Taken Over Every Developer Using a VSCode Fork; Putting Millions at Risk

Oren Yomtov

,

,

June 26, 2025

Trust Me, I’m Local: Chrome Extensions, MCP, and the Sandbox Escape

Yuval Ronen

,

,

April 24, 2025

Mining in Plain Sight: The VS Code Extension Cryptojacking Campaign

Yuval Ronen

,

,

April 7, 2025

A Month Of Malware In The Chrome Web Store

Amit Assaraf

,

,

April 3, 2025

A Wolf in Dark Mode: The Malicious VS Code Theme That Fooled Millions

Amit Assaraf

,

Idan Dardikman

,

Oren Yomtov

February 26, 2025

When Chrome Extensions Turn Against Us: The Cyberhaven Breach and Beyond

Amit Assaraf

,

,

December 30, 2024

VSCode Extension Trivia: Real or Cake?

Amit Assaraf

,

,

December 18, 2024

5/6 | Breaking the Internet: The Aftermath Of Our Research

Amit Assaraf

,

,

June 22, 2024

4/6 | Introducing ExtensionTotal: How to Assess Risk in VS Code Extensions

Amit Assaraf

,

,

June 6, 2024

3/6 | A Letter to Microsoft: Uncovering Design Flaws of Visual Studio Code Extensions

Amit Assaraf

,

,

June 3, 2024

2/6 | Exposing Malicious Extensions: Shocking Statistics from the VS Code Marketplace

Amit Assaraf

,

,

June 2, 2024

1/6 | How We Hacked Multi-Billion Dollar Companies in 30 Minutes Using a Fake VSCode Extension

Amit Assaraf

,

,

May 12, 2024

Live Updates: Shai-Hulud, The Most Dangerous NPM Breach In History Affecting CrowdStrike and Hundreds of Popular Packages

Idan Dardikman

,

Yuval Ronen

,

September 16, 2025

load more