Joined January 2020
- Tweets 798
- Following 134
- Followers 268
- Likes 88
361 Photos and videos
Pinned Tweet
A new @appsecphx video intro...we never thought that making a video would have taken so many people! it was a journey! 😎😁
buff.ly/2Xq5Xy6
#cyber #cybersecurity #app #appsec #cloud #vulnerabilities #priorities #assessment #automation #orchestration #applicaitonsecurity
2
2
5
We tracked 59 supply chain campaigns. 657 malicious IOCs.
CVEs assigned: 0.
Not a bug. Not a vulnerability. A stolen token, a trusted publisher, a poisoned package.
CVE scanners saw nothing.
The Phoenix Supply Chain Acceleration Report 2026 is out.
📦 4.5× package growth in H1 2026
🔴 15.6% of AI agent skills flagged risky
⚠️ GitHub breached via VS Code extension
#SupplyChainSecurity #AppSec #CyberSecurity #DevSecOps #ASPM #ThreatIntelligence #npm #OpenSource #PhoenixSecurity #MalwareIntelligence
2
3
63
📚 Get access to the full report phoenix.security/whitepapers…
7
Your AI coding assistant just became the attacker.
In 2026, supply chain attacks don't need CVEs. They poison your .cursorrules, your CLAUDE.md — and your own AI runs the exfiltration.
59 campaigns. 657 packages. Zero CVEs.
Full breakdown 👇
P.S. We have stickers. Booth G7, Vienna, June 22–26 🇦🇹
#OWASP #supplychainsecurity #appsec
ALT A flat lay of cybersecurity-themed stickers scattered on a dark wood desk in a modern office. The central sticker reads "Fight AI with AI" and features two robots fighting. Other stickers include "I'll Be Back, Your Vulns Won't" and "Hasta La Vista, Vulnerabilities". The blurred background shows a purple office wall with an orange horizontal stripe.
1
1
46
📚 Full technical breakdown by @FrankSEC42 is here - phoenix.security/acceleratin…
1
15
Team PCP has done again, open source miasma malware, this seems a front challenge after the other open source release
1
1
45
github.com/YangYongAn/Miasma… Posting for educational purposes, clone at your own risk, analysis coming soon
1
27
Your scanner has blind spots. 12 of them, actually.
Phoenix Blue watches 12 ecosystems — GitHub Actions, VS Code extensions, MCP Servers, JetBrains. No CVE process covers these.
96.5K packages monitored. No CVE required to flag them.
Working from London today — lunch in the park didn't happen ☁️ Classic.
Details in replies 👇
#AppSec #SupplyChain #PhoenixBlue
2
1
2
59
Going beyond package registries — our latest research on the ecosystems most teams aren't watching:
→ Miasma: npm Supply Chain Attack via Red Hat namespace
phoenix.security/miasma-redh…
→ TrapDoor: Cross-Ecosystem Credential Theft across npm, PyPI, Crates.io
phoenix.security/trapdoor-su…
→ Laravel Lang: RCE Backdoor via Composer tag rewrite
phoenix.security/laravel-lan…
All covered by Phoenix Blue Intelligence. Start free at phoenix.security/phoenix-blu…
hashtag#phoenixblue hashtag#supplychainsecurity hashtag#threatintelligence
44
Overcoming LLM limitations in vulnerability research. This approach integrates with Brave for efficient web searches, unlocking new levels of security analysis. #Cybersecurity #AI #LLMs
34
Francesco Cipollone reveals a tool for quick vulnerability understanding. Get automatic summaries and snippets from this free, open-source project. #OpenSource #Cybersecurity #DevTools
1
37
⚠️ SANDWORM_MODE is an active npm supply chain worm targeting DevSecOps and AI toolchains.
19 malicious packages.
CI poisoning.
AI MCP injection.
Credential exfiltration on import.
If installed, assume breach.
#DevSecOps #AppSec #SupplyChainSecurity #npm
2
2
2
102
Full analysis IOCs: phoenix.security/sandworm-mo…
1
18
Phoenix Security recognized as a Management Leader in the 2026 Latio AppSec Report.
Enterprise vuln programs break when ownership, reachability, and remediation aren’t aligned.
Attribution.
Tool-agnostic reachability.
AI-driven remediation.
From ownership → executable fix.
1
1
29
#AppSec #CyberSecurity #ASPM #DevSecOps
Read more and download the full report here:
👉 phoenix.security/application…
1
25
Security teams don’t have a visibility problem.
They have a remediation throughput problem.
40,000 vulnerabilities → 12 fixes that matter.
Latest breakdown:
• Reachable exploitable prioritization
• Container lineage tracing
• Minimum-impact upgrades
• Dual SLA clocks
1
1
20
Dashboards don’t reduce risk.
Shipping does.
phoenix.security/remediation…
#AppSec #DevSecOps #CyberSecurity
1
30
White Hat Ball 2026 was something special.
This year, Phoenix Security joined not just as guests — but as sponsors, hosting a table and celebrating an incredible community.
#WhiteHatBall #PhoenixSecurity #CyberSecurity #Community #GivingBack
1
1
14
Together, we raised £556,414 for NSPCC.
Proof that when the security community comes together, real impact happens.
Proud to be part of this. See you next year. 🖤🔥
1
12
Proud to sponsor White Hat Ball 2026 🎩
📍 London
📅 Jan 30, 2026
🖤 Black Tie
💙 Supporting Childline (NSPCC)
Cybersecurity is about protecting people — and community matters.
See you there.
#WhiteHatBall #PhoenixSecurity #InfoSec #CyberSecurityCommunity #NSPCC
1
161
Join Phoenix in 2026 🚀
We’ll be at VulnCon, OWASP EU & Global, LASCON, Black Hat USA and more.
Let’s talk real vulnerability exposure, remediation, and security that works in practice.
See you there 👋
#AppSec #CyberSecurity #InfoSec #SecurityCommunity
1
1
40
We’ll be at these events showing how Phoenix Security | ASPM helps security teams focus on what actually matters in production — not just dashboards.
👉 Book a live demo here: phoenix.security/request-a-d…
hashtag#CTEM hashtag#AppSec hashtag#VulnManagement hashtag#SecurityTeams
1
25