@vxunderground on Backlist

3 appearances on the backlist front page in the last 30 days.

24.

471 npm and PyPI artifacts tied to Mini Shai-Hulud/Miasma/Hades

The package campaign is now tracked across hundreds of npm and PyPI artifacts, including newer PyPI samples aimed at bioinformatics and MCP developers

by @vxunderground (vx-underground) · backlist 2026-06-10 · rubric 62.0

28.

Compromised npm packages abuse Hugging Face as exfil infrastructure

Malicious npm packages deployed a RAT that captured keystrokes, screenshots, and wallet credentials while using Hugging Face repositories as infrastructure

by @vxunderground (vx-underground) · backlist 2026-06-03 · rubric 78.0

16.

Steam can be relaunched as a debuggable Chromium app

Launching Steam with Chromium debugging enabled allows JavaScript injection through the webSocketDebuggingUrl interface

by @vxunderground (vx-underground) · backlist 2026-05-30 · rubric 62.0