North Korean threat actors are using a new tactic against software developers: publishing look-alike copies of legitimate packages that steal cryptocurrency and other sensitive data. See Phylum Research... | Phylum Research | Software Supply Chain Security
In Q2 2024, verified malicious package publications rose, and the packages used more obfuscation than before. Attack sophistication continues to evolve. See the Phylum Research Team's quarterly report.
Uncover the hidden dangers of npm packages: Phylum Research reveals a malicious package, "react-zutils", designed to steal cryptocurrency data.
Open source rocks, but 82% of malicious packages have no CVE. Phylum monitors open-source libraries and alerts you to threats before they reach your software.
Phylum celebrates four years of fighting open-source software supply chain risk, scanning packages in seven ecosystems: npm, PyPI, NuGet, crates.io, RubyGems, Golang, and Maven Central.