Discord Contact
Phylum Research Team

Phylum Research Team

Hackers, Data Scientists, and Engineers responsible for the identification and takedown of software supply chain attackers.
Malicious Python Packages Replace Crypto Addresses in Developer Clipboards

Malicious Python Packages Replace Crypto Addresses in Developer Clipboards

Phylum Research
Less than a week after we identified dozens of typosquat packages targeting developers, our automated risk platform has identified several more packages involved in a separate burgeoning campaign targeting developers and their cryptocurrency. The packages targeted
Phylum Research Team 6 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases
82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools
70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies
60%

of Phylum’s findings are not found by
other software supply chain companies

Q&A with Jeff Hudesman, CISO at Pinwheel

Q&A with Jeff Hudesman, CISO at Pinwheel

Phylum Insights and Resources
It’s been almost a year since Phylum customer Jeff Hudesman took on the role of Chief Information Security Officer at Pinwheel, a company on a mission to help create a fairer financial system. Security is
Phylum Research Team 5 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases
82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools
70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies
60%

of Phylum’s findings are not found by
other software supply chain companies

Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack

Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack

Phylum Research
Last week, our automated risk detection platform alerted us to some suspicious activity in dozens of newly published PyPI packages. It appears that these packages are a more sophisticated attempt to deliver the W4SP Stealer on
Phylum Research Team 8 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases
82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools
70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies
60%

of Phylum’s findings are not found by
other software supply chain companies

Developers Are the New High-Value Targets

Developers Are the New High-Value Targets

Phylum Insights and Resources
Developers are the new high-value targets for attackers infecting the software supply chain. Phylum can block these attacks before they happen.
Phylum Research Team 4 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases
82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools
70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies
60%

of Phylum’s findings are not found by
other software supply chain companies

Phylum Detects Active Typosquatting Campaign Targeting NPM Developers

Phylum Detects Active Typosquatting Campaign Targeting NPM Developers

Phylum Research
Early on Oct 2, 2022 Phylum's automated risk platform detected a large scale typosquatting campaign against NPM developers. The attackers targeted several high profile packages, including: * shebang-command * ignore * webidl-conversions * debug * supports-colors * anymatch * universalify * http-errors
Phylum Research Team 2 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases
82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools
70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies
60%

of Phylum’s findings are not found by
other software supply chain companies