Skip to main content

Categories

Subscribe to Feed

Latest Posts

Showing 0 Items

Resources

Critical Remote Code Execution Vulnerabilities Discovered in React Server Components and Next.js

Security researchers have uncovered severe unauthenticated remote code execution vulnerabilities in React Server Components and Next.js App Router that achieve near 100% exploitation success rates. With 39% of cloud environments running vulnerable versions and 44% having publicly exposed Next.js instances, immediate patching is critical. Organizations should upgrade to patched versions and use StepSecurity's npm package search and Threat Center to identify and monitor affected dependencies.

Ashish Kurmi

December 3, 2025

Read
News

How Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository

A case study on detecting npm supply chain attacks through runtime monitoring and baseline anomaly detection

Varun Sharma

December 3, 2025

Read
News

Sha1-Hulud: The Second Coming - Zapier, ENS Domains, and Other Prominent NPM Packages Compromised

The Shai-Hulud NPM Worm Returns as "Sha1-Hulud: The Second Coming" - Devastating Supply Chain Attack Compromises Zapier and ENS Ecosystems, Creates 22,000+ Malicious Repositories and counting

Ashish Kurmi

November 23, 2025

Read
News

9,000 Open-Source Projects Now Secured by Harden-Runner

StepSecurity Harden-Runner now protects 9,000+ open-source projects, delivering real-time CI/CD runtime security and defending pipelines against modern supply chain attacks.

Eromosele Akhigbe

November 17, 2025

Read
Product

Introducing npm Package Search: Find Where Any Package Was Introduced Across Your GitHub Organizations

Instantly trace any npm package to its origin—across every repository, pull request, and contributor—with StepSecurity’s NPM Package Search.

Sai Likhith

November 11, 2025

Read
News

StepSecurity Is Sponsoring GitHub Universe 2025

We’re thrilled to announce that we are sponsoring GitHub Universe 2025 as a Bronze Sponsor — our very first booth at a major conference!

Jake Karger

October 4, 2025

Read
Product

Introducing StepSecurity Threat Intelligence: Real-Time Supply Chain Attack Alerts for Your SIEM

StepSecurity has launched Threat Intelligence, a real-time supply chain attack alerting system designed for seamless SIEM and SOC integration. Unlike generic vulnerability feeds, it delivers actionable intelligence within minutes of compromise, cutting MTTD and MTTR from days to minutes. Powered by the same detection systems that uncovered the tj-actions and nx compromises, it provides proven early-warning capabilities.

Varun Sharma

September 18, 2025

Read
News

Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages

The Shai-Hulud worm has infected over 500 NPM packages including @ctrl/tinycolor in an unprecedented self-propagating supply chain attack. The malware harvests AWS/GCP/Azure credentials using TruffleHog, establishes persistence through GitHub Actions backdoors, and automatically spreads to other maintainer packages - marking the first successful worm attack in the NPM ecosystem.

Ashish Kurmi

September 15, 2025

Read

There are no blog posts matching your criteria at this time.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
StepSecurity | Home
Request a Demo
Start Free
System StatusAbout
DocsPricing
Contact UsProduct Tour
© 2025 All rights reserved
Privacy Policy
Terms of Service