Category

Security research

5 posts in this category.

  • Security research

    Typosquat naming patterns on PyPI: a taxonomy

    PyPI typosquats follow a small set of recurring patterns: transposition, omission, hyphenation variants, prefix and suffix insertion, abandoned-name resurrection. Here is the catalog and what each pattern looks like in the wild.

    3 min read

  • Security research

    How long do malicious npm packages stay live?

    A research note on detection latency for malicious npm packages: median windows of hours for high-profile cases, days-to-weeks for the long tail, with the data caveats. The implication for defense planning is structural.

    4 min read

  • Security research

    Maintainer account compromise: how attackers actually get in

    A taxonomy of the vectors observed across documented npm and PyPI account-takeover incidents: phishing, credential reuse, expired domains, session-token theft, OAuth grants, and social-engineered handoffs. Each with what mitigates it.

    5 min read

  • Security research

    The cooling period as defense: academic foundations

    The cooling-period idea — refuse to install brand-new versions until they have been published long enough and observed enough — has a long history in academic literature. Here are the threads of research and why two thresholds beat one.

    5 min read