Phylum.io | See Phylum Research Blog & Insights

2025 Software Supply Chain Security Trends & Predictions: AI, Shadow Application Development and Nation State Attacks

Phylum Insights and Resources

In 2025, prepare for increased software supply chain attacks initiated from the open-source ecosystem, more attack types, and expanded attack vectors.

Aaron Bray Nov 20, 2024 6 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases

82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools

70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies

60%

of Phylum’s findings are not found by
other software supply chain companies

Q3 2024 Evolution of Software Supply Chain Security Report

Software supply chain security faces sophisticated security threats in the open-source ecosystem. Phylum analyzed millions of packages & files. Read more....

Phylum Research Team Oct 31, 2024 7 min read

Typosquat Campaign Targeting npm Developers

Malware authors have published dozens of typosquat npm packages targeting users of the popular Puppeteer library....

Phylum Research Team Oct 31, 2024 18 min read

Trojanized Ethers Forks on npm Attempting to Steal Ethereum Private Keys

Software supply chain attack targets open-source developers in npm via malicious packages that steal Ethereum private keys, gain SSH persistence....

Phylum Research Team Oct 18, 2024 9 min read

Phylum For Artifact Repositories and Package Managers

Vet open-source software packages and block attacks before entering an organization or developer workstation....

Mikala Vidal Sep 24, 2024 3 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

Subscribe to our research