North Korean hackers are using a new tactic to target software developers. They create fake copies of legitimate packages to steal cryptocurrency and other sensitive data. See Phylum Research...| Phylum Research | Software Supply Chain Security
North Korean threat actors return to npm with a new attack. Phylum detects malicious packages targeting macOS and Windows. Protect your software supply chain.
Phylum celebrates four years of fighting open-source software supply chain risk, scanning packages in seven ecosystems: npm, PyPI, NuGet, crates.io, RubyGems, Golang, and Maven Central.
Phylum is the front-runner in software supply chain attack identification and protection. Across the current digital landscape - where open source is used in 97% of projects and comprises more than 70% of code bases - keeping tabs on threats and risks originating from the use of open source is
Back in November, we published a write-up about a collection of npm packages involved in a complex attack chain. These packages, once installed, would download a remote file, decrypt it, execute an exported function from it, and then meticulously cover their tracks by deleting and renaming files. This left the