NSFOCUS

Axios Front-End Library npm Supply Chain Poisoning Alert

April 1, 2026

Overview On March 31, NSFOCUS CERT detected a supply chain poisoning of the npm repository of the HTTP client library Axios. The attacker bypassed the project's normal GitHub Actions CI/CD pipeline, changed the account email address of the axios maintainer to an anonymous ProtonMail address, and manually released a malicious version […]

Microsoft’s March Security Update of High-Risk Vulnerability Notice for Multiple Products

March 30, 2026

Overview On March 11, NSFOCUS CERT detected that Microsoft released the March Security Update patch, which fixed 83 security issues involving widely used products such as Windows, Microsoft Office, Microsoft SQL Server, Azure, etc., including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed by Microsoft’s monthly update this […]

AI Infrastructure LiteLLM Supply Chain Poisoning Alert

March 27, 2026

Overview Recently, NSFOCUS Technology CERT detected a GitHub community disclosure of a credential-stealing program in the new version of LiteLLM. Analysis confirmed that the package had suffered supply chain poisoning by the TeamPCP group on PyPI. The group stole the publishing permission credentials by hacking into the security scanning tool Trivy used in […]

NSFOCUS Threat Intelligence: Building an OpenClaw Defense System with Multiple-Layer Protection

March 24, 2026

In 2026, AI agents are being widely used. OpenClaw has become a high-frequency efficiency improvement tool for enterprises and developers with its autonomous decision-making and local execution capabilities. However, several authoritative security agencies have recently issued warnings: OpenClaw is facing multi-dimensional security threats from supply chain poisoning to remote control. When internal employees privately deploy […]

RSAC 2026 Innovation Sandbox | ZeroPath: From Alarm Accumulation to Executable Fixes

March 22, 2026

Company Profile ZeroPath is an AI-native application security startup founded in 2024, and its core products also use the eponymous brand ZeroPath. The company focuses on using AI to automatically discover, verify and fix code vulnerabilities, trying to break through the limitations of traditional SAST, SCA, Secrets scanning and IaC scanning that are fighting each […]

RSAC 2026 Innovation Sandbox | Humanix: People-Oriented Social Engineering Attack Detection and Response

March 20, 2026

Company Profile Humanix (see Figure 1) is a cybersecurity company focusing on human-centric threat detection and response, dedicated to protecting enterprises from social engineering attacks against “people”, headquartered in the San Francisco Bay Area of the United States [1]. Its core concept is: Traditional security focuses a lot of energy on systems and boundaries, and most […]

RSAC 2026 Innovation Sandbox | Clearly AI: Automated Software Security Platform Empowered by AI

March 19, 2026

Company Profile Founded in 2024, Clearly AI is a company focused on automating enterprise security and privacy audits, headquartered in Seattle, Washington, USA. The company was co-founded by Emily Choi-Greene and Joe Choi-Greene, and the core team has deep practical and technical accumulation: CEO Emily worked at Amazon for 5 years, leading the Alexa AI […]

RSAC 2026 Innovation Sandbox | Charm Security: AI Anti-Fraud Platform for New Types of Fraud

March 18, 2026

Company Profile Charm Security (hereinafter referred to as Charm) is an innovative security company focused on preventing and solving fraud and deception using Agentic AI technology. Founded in January 2025, the company has set up offices in Tel Aviv, Israel and New York, USA. With a core focus on financial security, it has become an […]

RSAC 2026 Innovation Sandbox | Geordie AI: Architect of Enterprise AI Agent Security Governance Systems

March 17, 2026

Company Profile Geordie AI is a cybersecurity startup founded in 2025 and headquartered in London, specializing in AI Agent security and governance. The company has developed an “Agent-native” security platform for enterprises, enabling real-time discovery, behavior monitoring, and risk control of AI agents deployed within organizations. This helps security teams understand which AI agents are […]

RSAC 2026 Innovation Sandbox | Crash Override: From Passive Scanning to Active Traceability, Reshaping the Software Supply Chain Security Foundation

March 17, 2026

Industry Macro Background and the Software Supply Chain Crisis By 2026, the deepening of global digital transformation, coupled with the proliferation of Generative AI and large language models, is reshaping software development. The industry is shifting from being “efficiency-driven” to “governance-driven.” The root cause lies in the loss of visibility and engineering control within the […]
