Phylum Research Team

Hackers, Data Scientists, and Engineers responsible for the identification and takedown of software supply chain attackers.

PyPI New Account Suspension Pauses Attacks

May 24, 2023 3 min read

PyPI suspended new account registration for about 30 hours over this past weekend because malicious attacks exceeded the human bandwidth available among the PyPI administrators to properly deal with them. For the moment,

Respawning Malware Persists on PyPI

May 16, 2023 5 min read Research

A bad actor on GitHub continually respawns his malware immediately after PyPI takes it down.

Phylum Detects Suspicious Publications Surrounding Popular Python Package Flask

May 12, 2023 9 min read Research

On the morning of May 10, 2023, Phylum’s automated risk detection platform flagged a series of publications surrounding the popular Flask package on PyPI. After reaching out to the author, we discovered

Phylum Discovers Mischievous NPM Publications

May 2, 2023 4 min read Research

That’s right, we’re not talking about a malicious discovery today, but rather a mischievous one. Phylum’s automated risk detection platform alerted us to the publication of some obfuscated JavaScript packages

Q1 2023 Evolution of Software Supply Chain Security

Apr 25, 2023 9 min read Research

Software supply chains are unique among the broader supply chain family. Logistics-based supply chain risks can be contained or limited by industry or region. However, all software applications, everywhere, rely on the same