🐼 4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign
Read now

Filter by

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Koi Research

Command Injection Flaw in Framelink Figma MCP Server Puts Nearly 1 Million Downloads at Risk

Lotan Sery

,

Idan Dardikman

,

October 10, 2025

Company News

Embracing a New Domain Name: koi.ai 🪩

Amit Assaraf

,

,

October 4, 2025

Koi Research

MCP Malware Wave Continues: A Remote Shell in Disguise

Tuval Admoni

,

,

September 30, 2025

Koi Research

First Malicious MCP in the Wild: The Postmark Backdoor That's Stealing Your Emails

Idan Dardikman

,

,

September 25, 2025

Koi Research
Security Insights

Live Updates: Shai-Hulud, The Most Dangerous NPM Breach In History Affecting CrowdStrike and Hundreds of Popular Packages

Idan Dardikman

,

Yuval Ronen

,

September 16, 2025

Koi Research

WhiteCobra's Playbook Exposed: Critical Mistake Reveals 24-Extension Campaign Targeting VS Code and Cursor

Yuval Ronen

,

,

September 13, 2025

Company News

Koi Raises $48M to Reinvent Endpoint Security for the Modern Software Stack

Amit Assaraf

,

,

September 10, 2025

Koi Research

The Package Poisoner: How 2.5 Billion Weekly Downloads Were Compromised in npm's Largest Supply Chain Attack

Idan Dardikman

,

Yuval Ronen

,

September 8, 2025

Koi Research

SpyVPN: The Google-Featured VPN That Secretly Captures Your Screen

Lotan Sery

,

,

August 19, 2025

Koi Research
Security Insights

Live Updates: Sha1-Hulud, The Second Coming - Hundreds of NPM Packages Compromised

Yuval Ronen

,

Idan Dardikman

,

November 24, 2025

Koi Research
Security Insights

Live Updates: Shai-Hulud, The Most Dangerous NPM Breach In History Affecting CrowdStrike and Hundreds of Popular Packages

Idan Dardikman

,

Yuval Ronen

,

September 16, 2025