Ox Security
Coverage of Ox Security in the Nexus archive.
- Malware dev tries to steal Claude users' secrets, writes npm slop, leaks own GitHub private token
A malware package named 'mouse5212-super-formatter' targeting Claude users was removed from npm after 676 downloads. It leaked the attacker's GitHub private token, enabling researchers to trace stolen files. The malware, analyzed by OX Security, exfiltrates sensitive data via GitHub and uses deceptive techniques to avoid detection.
- Malicious npm Package Stole Files From Claude AI User Directory via GitHub
A malicious npm package named 'mouse5212-super-formatter' was discovered to steal files from Anthropic's Claude AI user directory. Cybersecurity researchers from OX Security identified the package's ability to upload files from a specific directory used by Claude AI, highlighting a security risk for users of the AI tool.
- Megalodon chums the waters in 5.5K+ GitHub repo poisonings
A malware campaign called Megalodon poisoned over 5,500 GitHub repositories with CI/CD credential-stealing malware, stealing AWS keys, Google Cloud tokens, and other sensitive credentials. The attack, discovered by SafeDep researchers, was distributed through a compromised Tiledesk package on npm, marking an escalation in supply chain attacks targeting developers.
- Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)
OX Security analyzed 216 million security findings across 250 organizations, revealing a 52% year-over-year increase in raw alerts and a 400% surge in prioritized critical risk. The report attributes the growing 'velocity gap' to AI-assisted development accelerating high-impact vulnerabilities.