Skip to main content
Back to Blog

Hunt Mode

April 3, 2026

Hunting Supply Chain Compromises LiteLLM & Axios

Supply chain attacks are not new. What is new is the pace and the precision. In the recent Axios and TeamPCP campaigns, we have different actors, different tooling, but the same fundamental constraint: both must install through package managers, execute outside the language runtime, access credentials, persist, and communicate externally. Each step leaves a behavioral trace that outlasts any IOC list.

Hunt Mode
Read More
February 18, 2026

Hunting the Notepad++ Update Hijack

Software supply chain attacks have shifted from occasional, high-profile incidents into a repeatable and increasingly preferred intrusion technique and the Notepad++ incident is the latest evolution. This gives hunters a case for looking at deviations from behavioral baselines.

Hunt Mode
Read More
February 3, 2026

Hunting OpenClaw and Agentic AI Through Behavior

This Hunt Mode breaks down the behaviors that give away OpenClaw (formerly ClawdBot / MoltBot), regardless of how it is packaged, renamed, or delivered.

Hunt Mode
Read More
January 15, 2026

Hunting DigitStealer: Behaviors That Give Away macOS Infostealers

DigitStealer is the next evolution of macOS malware evolution. This breakdown outlines the behaviors to observe to properly hunt for it in your environment.

Hunt Mode
Read More
December 17, 2025

CVE-2025-55182: Finding Behaviors That Give Away React Server Components RCE

Breakdown of the hunt for the malicious behaviors in CVE-2025-55182, a pre-authentication exploit that bypasses most traditional web app firewalls and signature-based controls.

Hunt Mode
Read More

Find hidden threats between the layers

Beacuse breaches happen in silence

Get a Demo