North Korean hackers are using a new tactic to target software developers. They create fake copies of legitimate packages to steal cryptocurrency and other sensitive data. See Phylum Research...| Phylum Research | Software Supply Chain Security
In Q2 2024, verified malicious package publications were up with increased obfuscation. Attack sophistication has continued to evolve. See the Phylum Research Team's Quarterly Report.| Phylum Research | Software Supply Chain Security
North Korean threat actors return to npm with a new attack. Phylum detects malicious packages targeting macOS and Windows. Protect your software supply chain.| Phylum Research | Software Supply Chain Security
Open source rocks, but 82% of malicious packages lack CVEs. Phylum monitors open-source libraries & alerts you to threats before they hit your software.| Phylum Research | Software Supply Chain Security
Phylum celebrates four years of fighting open-source software supply chain risk scanning packages in seven ecosystems: npm, PyPI, NuGet, crates.io, RubyGems, Golang, and Maven Central.| Phylum Research | Software Supply Chain Security