Phylum Research Team - Phylum Research | Software Supply Chain Security (Page 2)

The Great npm Garbage Patch

Phylum Research

Open-source spam is a growing threat. The Tea protocol and npm are taking action, but the problem persists. Our research is dedicated to combating this issue and protecting the integrity of the open-source ecosystem. See Phylum Research.

Phylum Research Team Aug 6, 2024 5 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases

82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools

70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies

60%

of Phylum’s findings are not found by
other software supply chain companies

Q2 2024 Evolution of Software Supply Chain Security Report

Phylum Research

In Q2 2024, verified malicious package publications were up with increased obfuscation. Attack sophistication has continued to evolve. See the Phylum Research Team's Quarterly Report.

Phylum Research Team Jul 31, 2024 8 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases

82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools

70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies

60%

of Phylum’s findings are not found by
other software supply chain companies

Fake AWS Packages Ship Command and Control Malware In JPEG Files

Phylum Research

Beware of malicious JPEG files. Fake AWS packages sneak command-and-control malware into systems, leaving developers vulnerable to attack for more extended periods. See Phylum Research.

Phylum Research Team Jul 14, 2024 5 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases

82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools

70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies

60%

of Phylum’s findings are not found by
other software supply chain companies

New Tactics from a Familiar Threat

Phylum Research

North Korean hackers are using a new tactic to target software developers. They create fake copies of legitimate packages to steal cryptocurrency and other sensitive data. See Phylum Research...

Phylum Research Team Jul 8, 2024 9 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases

82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools

70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies

60%

of Phylum’s findings are not found by
other software supply chain companies

Persistent npm Campaign Shipping Trojanized jQuery

Phylum Research

Protect your JavaScript projects. Learn about a persistent campaign targeting npm with trojanized jQuery packages designed to steal form data. See Phylum Research.

Phylum Research Team Jul 3, 2024 8 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases

82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools

70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies

60%

of Phylum’s findings are not found by
other software supply chain companies