In September 2025, a sophisticated phishing campaign led to one of the most impactful npm maintainer account compromises to date. It affected billions of weekly downloads and thousands of dependent projects, highlighting how security vulnerabilities can stem from the trust placed in maintainers and widely used dependencies. TL;DR: What Happened in the npm Maintainer Account The post How Did the September npm Maintainer Account Compromise Happen and What Can We Learn from it? appeared first on CyberMaxx.

In the recent Shai-Hulud npm supply chain attack in early September, threat actors phished multiple npm maintainer accounts and injected malicious updates into widely used packages. The breach spread quickly by stealing dev tokens and updating other packages with malware, compromising 500+ packages globally and affecting millions of downloads weekly. TL;DR: Inside the Shai Hulud The post How Did the Shai-Hulud npm Attack Happen and What Can We Learn from it? appeared first on CyberMaxx.

Executive Summary Recently, we published a blog series based on a threat actor pivot to a tactic for initial execution called FileFix. The techniques deployed in this attack took an interesting turn, but our team was prepared for it. Previously, FileFix and its predecessor, ClickFix, were known to abuse LOLBins like PowerShell Download Cradles, CertUtil, The post Cache Smuggling: The Interesting Download Cradle Provided by your Internet Browser appeared first on CyberMaxx.

Linthicum Heights, MD – November 24, 2025 – CyberMaxx, a leading provider of Managed Detection and Response (MDR) services, announced the appointment of three senior leaders to reinforce its commitment to a channel-first strategy and drive growth across the TSD ecosystem. With a clear vision for meaningful organizational change, CyberMaxx is focused on empowering partners The post CyberMaxx Strengthens Sales Leadership Team to Advance Channel-First Strategy and Accelerate Growth appeared first on CyberMaxx.

There are only a couple of moments between stopping a breach and suffering its consequences, so every single second counts. All five of these real incidents reported by our SOC reaffirm CyberMaxx’s “Big R” approach. I believe they all represent one thing: a mindset shift from passively using automated alerting to notify teams about incidents, The post CISO Perspective: How Human Readiness Stops Breaches appeared first on CyberMaxx.