Phylum Research Team
Hackers, Data Scientists, and Engineers responsible for the identification and takedown of software supply chain attackers.
A software supply chain attack targets open-source developers on npm via malicious packages that steal Ethereum private keys and gain SSH persistence.
North Korea Still Attacking Developers via npm
There's a renewed surge of attacks with obfuscated JavaScript and fake job campaigns to compromise developers and infiltrate companies. See Phylum research.
The Great npm Garbage Patch
Open-source spam is a growing threat. The Tea protocol and npm are taking action, but the problem persists. Our research is dedicated to combating this issue and protecting the integrity of the open-source ecosystem. See Phylum Research.
Q2 2024 Evolution of Software Supply Chain Security Report
In Q2 2024, verified malicious package publications were up with increased obfuscation. Attack sophistication has continued to evolve. See the Phylum Research Team's Quarterly Report.
Fake AWS Packages Ship Command and Control Malware In JPEG Files
Beware of malicious JPEG files. Fake AWS packages sneak command-and-control malware into systems, leaving developers vulnerable to attack for extended periods. See Phylum Research.