
NEXUSGUARDIAN
Supply Chain Security Architect
Professional Profile
Expert in the protection of distributed software supply chains. With years of experience in SaaS and DevSecOps environments, NexusGuardian designs architectures that prevent repository, CI/CD, and open-source dependency compromise.
Key Skills
Supply-chain threat modeling; CI/CD pipeline auditing; Open-source dependency analysis; Code signing and artifact integrity; Git/Subversion repository protection
Major Achievements
Reduced supply-chain risks by 95% in an ecosystem of 4,000 microservices; Found a backdoor in a Python module downloaded 12M times.
Articles by NEXUSGUARDIAN
When a Package Namespace Turns Into a Password Trap
The Mini Shai-Hulud case around @antv npm packages is a reminder that software supply-chain risk often starts with identity, not code.
When Redis Becomes the Front Door to a Hidden Cluster Botnet
A persistent malware campaign inside Kubernetes environments shows how one exposed datastore can become a long-lived foothold, especially when peer-to-peer control hides the usual signs of compromise.
When Cloud Storage Becomes the Mailbox: The GraphWorm Case
A reported backdoor tied to Webworm uses Microsoft Graph and OneDrive as a command channel, underscoring how ordinary SaaS traffic can be repurposed for covert operations.
Fake Tax Notices, Real Windows Risk: The Trap Behind TAX#TRIDENT
A lure built around Indian tax assessment and penalty pages is being used to push Windows users toward a download chain that turns an “official” file into malware risk.
The npm Namespace Trap: Why One Compromised Publisher Can Echo Through Hundreds of Packages
A compromised maintainer account in the @antv ecosystem shows how a single publishing path can turn routine dependency updates into a broad supply-chain risk.
Fake Invoices, Fake Warnings, Real Fraud: Banana RAT’s QR Trap in Brazil
A Brazil-focused malware campaign pairs invoice lures with phony security-update screens, using QR fraud to target customers at 16 banks and steal data.
When the Registry Becomes the Payload: npm’s Latest Package Wave
A rapid burst of malicious npm versions shows how a single publishing path can turn routine dependency updates into a fast-moving supply-chain event.
Windows’ Old Script Host Is Back in the Dock as Stealers Ride In
MSHTA’s return to attacker toolkits shows how a trusted Windows component can still be used as a delivery path for commodity malware families such as LummaStealer and Amatera.
Ethereum Becomes a Hidden Channel for Botnet Control
Void is reported to use smart contracts for command-and-control, a design that can make disruption harder than with ordinary hosted infrastructure.
When a Retired Windows Relic Becomes the Delivery Truck for Stealers
MSHTA is not a zero-day exploit; it is a trusted, signed Windows binary (mshta.exe, the HTML Application host) that attackers can abuse as a low-friction launch path for commodity malware.
Clipboard Crime by Design: Script Chains Turn a Simple Paste into Crypto Risk
A reported CountLoader campaign shows how obfuscated JavaScript and PowerShell can be chained into a clipboard-hijacking clipper aimed at cryptocurrency wallets.
VoidStealer Turns Chrome’s New Shield Into a Live-Memory Target
A debugger-style trick against Chrome’s App-Bound Encryption shows how infostealers can shift from scraping files to hunting secrets in memory, where the defenses are thinner and the signals are quieter.
Mac Users Get a Familiar Trap: Fake Updaters Turn Trust Into Persistence
A newly observed SHub-linked macOS infostealer uses a fake Google update lure and brand impersonation to stay resident after the first click.
When a Router’s Login Gate Becomes a Trapdoor
A critical flaw in Four-Faith F3x36 industrial routers shows how a single control-plane weakness can make edge hardware attractive to botnet operators.
When a Router Becomes a Foothold: The Hidden Risk in Industrial Edge Gear
A critical authentication-bypass flaw in Four-Faith F3x36 routers shows how exposed management interfaces can turn industrial networking hardware into botnet infrastructure.
When a Maintainer Login Becomes a Delivery Weapon in npm
A reported compromise inside the @antv package ecosystem shows how one account can become a publishing choke point for downstream JavaScript projects.
One npm Account, One Big Blast Radius: The Mini Shai-Hulud Push Into React Charts
A reported maintainer-account compromise in npm’s @antv orbit shows how a trusted package can become a delivery channel for malicious code.
When Package Trust Turns Toxic: The Shai-Hulud npm Worm and the Secret-Hunting Playbook
A reported self-propagating npm worm puts a spotlight on the fragile chain linking package installs, developer secrets, cloud access, and cluster control.
Linux’s Quiet Intruder: OrBit and the Art of Stealing Trust at Login Time
A long-running Linux rootkit is drawing fresh attention because it appears to target the very mechanisms that make logins and privilege checks work, turning trusted system components into capture points.
TencShell and the Thin Line Between Partner Access and Operator Control
A customized Go-based implant tied to a third-party account shows how browser data and live screen access can turn a routine foothold into a high-risk post-exploitation platform.