Phylum

PyPI New Account Suspension Pauses Attacks

May 24, 2023 3 min read

PyPI suspended new account registration for about 30 hours over this past weekend because malicious attacks exceeded the human bandwidth available among the PyPI administrators to properly deal with them. For the moment,

Respawning Malware Persists on PyPI

May 16, 2023 5 min read Research

A bad actor on GitHub continually respawns his malware immediately after PyPI takes it down.

Phylum Detects Suspicious Publications Surrounding Popular Python Package Flask

May 12, 2023 9 min read Research

On the morning of May 10, 2023, Phylum’s automated risk detection platform flagged a series of publications surrounding the popular Flask package on PyPI. After reaching out to the author, we discovered

Phylum Discovers Mischievous NPM Publications

May 2, 2023 4 min read Research

That’s right, we’re not talking about a malicious discovery today, but rather a mischievous one. Phylum’s automated risk detection platform alerted us to the publication of some obfuscated JavaScript packages

Bad Beat Poetry

Apr 30, 2023 13 min read Research

Lockfiles are great. They can also be hard to review and a source of malicious code injection.