Phylum detects massive typosquat campaign targeting popular Python libraries on PyPI. Over 500 variations published. Protect your software supply chain from these threats.| Phylum Research | Software Supply Chain Security
Yesterday, Phylum's automated risk detection platform discovered that the PyPI package aiocpa was updated to include malicious code that steals private keys by exfiltrating them through Telegram when users initialize the crypto library. While the attacker published this malicious update to PyPI, they deliberately kept the package'
Vet open-source software packages and block attacks before they enter an organization or a developer workstation.
There's a renewed surge of attacks using obfuscated JavaScript and fake job campaigns to compromise developers and infiltrate companies. See Phylum research.
Protect your appsec. Malicious packages pose a greater risk to the software supply chain than vulnerabilities. See Phylum Research.
Open-source spam is a growing threat. The Tea protocol and npm are taking action, but the problem persists. Our research is dedicated to combating this issue and protecting the integrity of the open-source ecosystem. See Phylum Research.
Beware of malicious JPEG files. Fake AWS packages sneak command-and-control malware into systems, leaving developers vulnerable to attack for extended periods. See Phylum Research.
North Korean hackers are using a new tactic to target software developers. They create fake copies of legitimate packages to steal cryptocurrency and other sensitive data. See Phylum Research...
Subscribe to Phylum research for the latest on software supply chain attacks in the open-source ecosystem.
In 2025, prepare for increased software supply chain attacks initiated from the open-source ecosystem, more attack types, and expanded attack vectors.
Software supply chain security faces sophisticated threats in the open-source ecosystem. Phylum analyzed millions of packages and files. Read more.
An ongoing supply chain attack on npm.
A software supply chain attack targets open-source developers on npm via malicious packages that steal Ethereum private keys and gain SSH persistence.
In Q2 2024, verified malicious package publications were up, with increased obfuscation. Attack sophistication has continued to evolve. See the Phylum Research Team's Quarterly Report.
Protect your JavaScript projects. Learn about a persistent campaign targeting npm with trojanized jQuery packages designed to steal form data. See Phylum Research.
Discover the power of polyfills. Learn how these essential tools bridge the gap between modern JavaScript features and older browsers. See Phylum Research.
Uncover the hidden dangers of npm packages. Phylum Research reveals a malicious package known as "react-zutils" designed to steal cryptocurrency data.
On May 24, 2024, Phylum’s automated risk detection platform alerted us to a suspicious publication on npm. The package in question is called glup-debugger-log and was published with two obfuscated files that worked together; one worked as a kind of initial dropper setting the stage for the malware campaign
Open-source ecosystem malware alert: Phylum Research exposes a novel steganography attack that delivers a malicious Go binary within a PyPI package.
North Korean threat actors return to npm with a new attack. Phylum detects malicious packages targeting macOS and Windows. Protect your software supply chain.
Open source rocks, but 82% of malicious packages lack CVEs. Phylum monitors open-source libraries and alerts you to threats before they hit your software.
Developing story: Open source repositories are polluted with thousands of dubious packages published by opportunistic actors exploiting a protocol. Read more...
Phylum detects malicious npm package vue2util. A hidden cryptojacking scheme exploits the ERC20 contract approval mechanism. Learn how to protect your software supply chain from these threats.
Phylum celebrates four years of fighting open-source software supply chain risk, scanning packages in seven ecosystems: npm, PyPI, NuGet, crates.io, RubyGems, Golang, and Maven Central.
A bad actor on GitHub continually respawns his malware immediately after PyPI takes it down.
On Wednesday, February 21, Phylum’s automated risk detection platform alerted us to an anomalous publication of a PyPI package named django-log-tracker. This package was first published to PyPI in April 2022. The linked GitHub repository shows activity around the same time. It’s interesting to note, though, that today’
Phylum continues to discover malware polluting open-source ecosystems. In this blog post, we take a deep dive into an npm package trying to masquerade as a code profiler, which actually installs several malicious scripts, including a cryptocurrency and credential stealer. Curiously, the attacker attempted to hide the malicious code in a test
Phylum is the front-runner in software supply chain attack identification and protection. Across the current digital landscape, where open source is used in 97% of projects and comprises more than 70% of code bases, keeping tabs on threats and risks originating from the use of open source is
⚠️ This appears to be an ongoing campaign. Since publication, additional packages have been released tied to this threat actor. See the IOCs below. On January 12, 2024, Phylum’s automated risk detection platform alerted us to a suspicious publication on npm. The package in question, oscompatible, contained a few strange
Back in November, we published a write-up about a collection of npm packages involved in a complex attack chain. These packages, once installed, would download a remote file, decrypt it, execute an exported function from it, and then meticulously cover their tracks by deleting and renaming files. This left the
Background Today’s security breach at Ledger, a leader in cryptocurrency hardware wallets, has raised significant alarms in the digital assets community. The breach was facilitated through a spear phishing attack on a former employee. Apparently, the goal of the phishing attempt was exfiltration of Ledger’s npmjs publishing credentials,
On October 30, 2023, Phylum’s automated risk detection platform alerted us to a strange publication to npm called puma-com. Upon investigation, we found a very convoluted attack chain that ultimately pulled a remote file, manipulated it in place, called an exported function from that file, and then meticulously covered
In June 2023, Phylum was the first to unearth a series of suspicious npm publications belonging to what appeared to be a highly targeted attack. The identified packages, published in pairs, required installation in a specific sequence, subsequently retrieving a token that facilitated the download of a final malicious payload