Research, insights, and updates from the isMalicious team.

Malicious npm packages use typosquatting, dependency confusion, install scripts, and maintainer compromise to steal secrets and backdoor builds. Learn practical detection and response.

Build a modern supply-chain security program: generate SBOMs, map CVEs to components, integrate EPSS and KEV, and coordinate fixes across vendors and open-source maintainers.

Software bills of materials are not paperwork for compliance alone. Learn how SBOMs reduce third-party risk and speed response when a dependency blows up.

Supply chain attacks have become the weapon of choice for sophisticated threat actors. Learn how to detect compromised vendors, monitor third-party risk, and protect your organization before your suppliers become your vulnerability.
Our blog features in-depth analysis from our threat research team. Each article is backed by real data from our analysis of millions of malicious domains, IPs, and URLs across the global threat landscape. Topics include ransomware campaigns, phishing techniques, malware distribution networks, and emerging threat trends. We publish actionable intelligence that security teams can immediately use to improve their defenses.
Beyond threat analysis, we share practical guidance for security practitioners. Our tutorials cover API integration, SIEM configuration, threat hunting techniques, and building effective threat intelligence programs. Whether you're a SOC analyst, security engineer, or CISO, you'll find content tailored to your role and experience level.
The threat landscape evolves constantly. Our blog keeps you informed about the latest attack techniques, newly discovered vulnerabilities, and emerging threat actors. Subscribe to our newsletter for weekly digests of the most important developments in cybersecurity.
Weekly threat intelligence insights delivered to your inbox.