diff --git a/src/blog/npm-supply-chain-compromise-postmortem.md b/src/blog/npm-supply-chain-compromise-postmortem.md index 596f3e2e..20ffb1fc 100644 --- a/src/blog/npm-supply-chain-compromise-postmortem.md +++ b/src/blog/npm-supply-chain-compromise-postmortem.md @@ -68,7 +68,7 @@ All times UTC. Local timestamps from GitHub API and npm registry. | Time | Event | | ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| 2026-05-11 ~19:50 | External researcher (`carlini`) opens issue #7383 with a complete writeup of the malicious `optionalDependencies` fingerprint and the package list (initially 14 of the 42) | +| 2026-05-11 ~19:50 | External researcher `ashishkurmi` working for StepSecurity opens issue #7383 with a complete writeup of the malicious `optionalDependencies` fingerprint and the package list (initially 14 of the 42) | | 2026-05-11 ~19:50 | Researcher notifies npm security directly | | 2026-05-11 ~20:00 | Manuel acknowledges in #7383 — incident response begins | | 2026-05-11 ~20:10 | Manuel removes all other team push permissions on GitHub in case of user machines have been compromised | 
@@ -139,7 +139,7 @@ The chain only works because each vulnerability bridges the trust boundary the o ### How we found out -Detection was external. `carlini` opened issue #7383 ~20 minutes after the publish, with full technical analysis. Tanner received a phone call from Socket.dev just moments after starting the war room confirming the situation. +Detection was external. External researcher `ashishkurmi` working for StepSecurity opened issue #7383 ~20 minutes after the publish, with full technical analysis. Tanner received a phone call from Socket.dev just moments after starting the war room confirming the situation. ### IOC fingerprints (for downstream maintainers and security tools)
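Review bot: In the first hunk (the timeline row at `2026-05-11 ~19:50`), the corrected attribution to `ashishkurmi` / StepSecurity should be paired with a visible correction note in the post, since the earlier published version named `carlini` and readers may have cited it; a one-line "Correction: ..." near the timeline, or an updated date at the top of the postmortem, would make the change auditable. The same row is now longer than the table's divider line, which is cosmetic but worth reflowing while here. Please also confirm the author field on issue #7383 matches the new handle, as the `~19:50` timestamp in that row is derived from the issue itself.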
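Review bot: In the second hunk (the "How we found out" paragraph), the new sentence reads "Detection was external. External researcher `ashishkurmi` ...", which repeats "external" back to back; suggest "Detection was external: `ashishkurmi`, a researcher at StepSecurity, opened issue #7383 ~20 minutes after the publish, with full technical analysis." This keeps the corrected attribution and matches the wording used in the timeline row changed in the first hunk.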