Discord Contact
Phylum Detects Suspicious Publications Surrounding Popular Python Package Flask

Phylum Detects Suspicious Publications Surrounding Popular Python Package Flask

Phylum Research
On the morning of May 10, 2023, Phylum’s automated risk detection platform flagged a series of publications surrounding the popular Flask package on PyPI. After reaching out to the author, we discovered that they were
Phylum Research Team 9 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases
82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools
70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies
60%

of Phylum’s findings are not found by
other software supply chain companies

Subscribe to our research

Keep up with the latest software supply chain attacks

⏲Please hold while we check our collection.

Something's gone wrong. Please try again.

Success! Check your inbox for our email.

Bad Beat Poetry

Bad Beat Poetry

Lockfiles are great. They can also be hard to review and a source of malicious code injection....
Charles Coggins 13 min read