Phylum Research Team

Hackers, Data Scientists, and Engineers responsible for the identification and takedown of software supply chain attackers.

Q1 2024 Evolution of Software Supply Chain Security Report

Open source rocks, but 82% of malicious packages lack CVEs. Phylum monitors open-source libraries & alerts you to threats before they hit your software.

Rust Crate Shipping xz Backdoor

Rust crate found shipping XZ backdoor. Learn about Phylum’s discovery, the maintainer’s swift response, and potential risks that remain after the initial mitigation. Protect your software supply chain from similar threats.

Digital Detritus: Unintended Consequences of Open Source Sustainability Platforms

Developing story: Open source repositories are polluted with thousands of dubious packages published by opportunistic actors exploiting a protocol.

Malicious npm Package Caught Hijacking ERC20 Contracts to Drain USDT

On 26 March 2024, Phylum’s automated risk detection platform flagged a suspicious publication to npm called vue2util. It bills itself as, and upon first glance appears to be, a simple collection of utility functions for

Typosquatting Campaign Targets Python Developers

Phylum detects massive typosquat campaign targeting popular Python libraries on PyPI. Over 500 variations published. Protect your software supply chain from these threats.