#npm
47 stories tagged.
OpenAI Got Hit by a Supply Chain Attack. Lyrie Would Have Stopped It Before It Started.
9 min · 4 sources
The Worm That Learned to Sign Itself: Shai Hulud's Eight-Month npm Supply Chain Rampage — A Full Post-Mortem
12 min · 0 sources
The Marketplace Is the Attack Surface: How 'Trust Inheritance' Became 2026's Most Dangerous Supply Chain Vector
12 min · 0 sources
When the AI Writes the Backdoor: PromptMink, Famous Chollima, and the Dawn of LLMO-Optimized Supply Chain Attacks
11 min · 0 sources
The Worm That Eats Developers: Shai-Hulud's Third Coming and the Mini Wave That Hit 1,800 Repos in 48 Hours
10 min · 0 sources
The Developer Is the New Perimeter: How QLNX and Shai-Hulud Are Turning Developer Workstations Into Supply Chain Launchpads
11 min · 0 sources
The Worm That Reads Your Secrets: Shai-Hulud, QLNX, and the 2026 Developer Credential Supply Chain War
9 min · 0 sources
The Worm That Eats Your Vault: Shai-Hulud's Bitwarden CLI Attack and the Definitive CI/CD Secrets Defense Playbook
11 min · 0 sources
The npm Trust Stack Is Broken: Axios DPRK Compromise, DevTap Persistence Implant, and EVM/DeFi Key Theft — A 2026 Supply Chain Post-Mortem Trifecta
11 min · 0 sources
Worm Logic: TeamPCP's Shai-Hulud 'Third Coming' Compromises Bitwarden CLI and 796 npm Packages — A Full Post-Mortem
10 min · 0 sources
The Worm That Crossed the Ecosystem: Mini Shai-Hulud's PyTorch Lightning Hijack and the Rise of Cross-Registry Supply Chain Attacks
10 min · 0 sources
The Crypto Dev Trap: Six Fake npm Packages Target EVM Engineers, Drain Wallets and Cloud Credentials in Real Time
8 min · 0 sources
The 42-Minute Worm: TeamPCP's Mini Shai-Hulud Tears Through PyTorch, SAP, and Intercom in 48 Hours
9 min · 0 sources
The 90-Minute Window: How Shai-Hulud's Third Coming Weaponized Bitwarden's Own CI Pipeline Against 250,000 Developers
10 min · 0 sources
The Developer Machine as Rental Infrastructure: How kube-health-tools Turned Kubernetes Engineers Into Chinese LLM Relay Nodes
8 min · 0 sources
Attacking the Watchers: How TeamPCP Weaponized Trivy, Checkmarx, and Bitwarden CLI Against the Entire Developer Ecosystem
10 min · 0 sources
"A Mini Shai-Hulud Has Appeared": How Attackers Turned SAP's npm Ecosystem Into a Credential Vacuum
9 min · 0 sources
The Worm That Won't Stop: TeamPCP's Mini Shai-Hulud Supply Chain Campaign Devours SAP, Bitwarden, and PyTorch Lightning
9 min · 0 sources
Shai-Hulud Devours the Ecosystem: TeamPCP's Cross-Ecosystem Supply Chain Blitz Hits PyTorch Lightning, SAP npm, Bitwarden, and Hundreds of CI/CD Pipelines
8 min · 0 sources
The Worm That Rode the Sandstorm: Mini Shai-Hulud's TeamPCP Supply Chain Assault Across PyPI, npm, and PHP
10 min · 0 sources
Shai-Hulud: The Third Coming — How TeamPCP Turned Trivy Into a Master Key, Checkmarx Into a Staging Ground, and Bitwarden CLI Into a Self-Propagating CI/CD Worm
10 min · 0 sources
The Worm That Reads the Room: TeamPCP's Mini Shai-Hulud Crosses the PyPI/npm Divide and Poisons AI Infrastructure
10 min · 0 sources
The Butlerian Jihad Post-Mortem: How TeamPCP Turned Bitwarden Into an npm Worm That Poisons AI Coding Assistants
11 min · 0 sources
The Sleeper Cluster Wakes: BufferZoneCorp + TeamPCP's Cross-Ecosystem Supply Chain Wave (Ruby, Go, npm, GitHub Actions)
11 min · 0 sources
The AI Agent Toolchain Is the New Kill Zone: CanisterSprawl's Post-Mortem
11 min · 0 sources
The AI Accomplice: How North Korea's Famous Chollima Used Claude Opus to Plant Malware in Crypto Trading Agents
9 min · 0 sources
The Worm That Codes Itself: TeamPCP's Mini Shai-Hulud and the Industrialization of Open-Source Supply Chain Attacks
11 min · 0 sources
The Worm That Crossed the Ocean: Mini Shai-Hulud, TeamPCP, and the Supply Chain Attack That Won't Stop Evolving
11 min · 0 sources
The Trust Inversion: How TeamPCP Turned Your Security Scanner Into a CI/CD Master Key
10 min · 0 sources
The Worm That Cannot Be Killed: CanisterSprawl, Blockchain C2, and the Self-Propagating Supply Chain Nightmare
12 min · 0 sources
The Password Manager Was the Payload: Shai-Hulud v3, the Triple-Registry Storm, and the Collapse of Developer Trust
11 min · 0 sources
The Guardians Were Already Compromised: TeamPCP's Second Checkmarx Strike and the April 2026 Triple-Registry Credential Harvest
9 min · 0 sources
The Fortune 500 Faker: How Attackers Impersonated Asurion's npm Packages to Run a Multi-Stage Credential Harvester
11 min · 0 sources
The Worm That Lives on the Blockchain: CanisterSprawl's ICP C2 Architecture and the 48-Hour Supply Chain Blitz That Broke Three Ecosystems
10 min · 0 sources
lyrie-agent v0.4.0 — SARIF Viewer, Matrix E2EE, Python Async
1 min · 2 sources
lyrie-agent is now on npm — npm install lyrie-agent
1 min · 2 sources
Hacking the Hunters: How TeamPCP Turned Security Tooling Into the Supply Chain Weapon
10 min · 0 sources
The 100 Million Download Backdoor: A Full Post-Mortem of the Axios npm Supply Chain Compromise
8 min · 0 sources
OpenClaw: Agent gateway config mutations could change protected operator settings
4 min · 1 source
The 48-Hour Supply Chain Siege: Shai-Hulud, TeamPCP, and the Week the Developer Toolchain Became the Kill Chain
11 min · 0 sources
CanisterSprawl Post-Mortem: How npm's Self-Propagating Worm Weaponized Blockchain Infrastructure to Become Seizure-Proof
11 min · 0 sources
The Trust Ladder: How TeamPCP Climbed From Security Scanners to Password Managers — Six Weeks of Supply Chain Escalation, Post-Mortem
10 min · 0 sources
The 48-Hour Siege: How Three Simultaneous Supply Chain Campaigns Turned npm, PyPI, and Docker Hub Into Credential Factories
12 min · 0 sources
The 174-Minute Poison Window: How North Korean Hackers Compromised 100 Million Weekly npm Downloads and Triggered the Vercel Breach
10 min · 0 sources
The Scanner That Scanned You Back: TeamPCP's Second Checkmarx Breach and the April 2026 Supply Chain Siege
13 min · 0 sources
Your Kubernetes Package Is Now an AI Piracy Node: The kube-health-tools GPT-Proxy Supply Chain Attack
9 min · 0 sources
The April 2026 Open Source Supply Chain Storm: Axios, CanisterWorm, and the 48-Hour Assault on npm, PyPI, and Docker Hub
10 min · 0 sources