Phylum Research

Attack Types   |   Aug 25, 2022

The Unacknowledged Risk of Authors

One of the largest attack surfaces across the software supply chain...

Attack Types   |   Oct 18, 2021

What Happens to Author Reputation When Malicious Packages are Taken Offline?

What happens to an author after a malicious package is discovered and...

Research   |   Sep 28, 2021

Vulnerability Reporting Has Fallen Behind

With the explosion of new software over the past decade,...

Attack Types   |   Apr 25, 2021

Build System and Version Control Compromises - the New Normal

While SolarWinds made headlines within the last few months for the...

Attack Types   |   Mar 23, 2021

Internally Hosted Dependencies: A Losing Battle

Dependency confusion allows bad actors to emulate internal software...

Attack Types   |   Mar 17, 2021

Repo Jacking: Hidden Danger in Broken Links

Repo jacking is an insidious software supply chain issue. Attackers...

Attack Types   |   Jan 09, 2021

How to Understand and Defend Against SolarWinds-Type Attacks

In late 2020, one of the most devastating cyber attacks of the last...

Attack Types   |   Aug 28, 2020

The Anatomy of a Malicious Package (Part 2)

Picking up where we left off in the last article, it's time to start...

Attack Types   |   Aug 21, 2020

The Anatomy of a Malicious Package

What does a malicious package actually look like in practice? We'll...