Phylum (Page 2)

Cloud Provider Credentials Targeted in New PyPI Malware Campaign

Research

Over the weekend, Phylum’s automated risk detection alerted us to a series of publications surrounding packages on PyPI, all purporting to be some kind of cloud provider SDK or helper package. While these packages do,

Phylum Research Team Oct 10, 2023 4 min read

Subscribe to our research

Keep up with the latest software supply chain attacks

The Power of the Pod

I love podcasts. I started listening in 2005 with an Apple iPod I got the year before. To really date me, I used a 3....

Charles Coggins Sep 30, 2023 5 min read

Sensitive Data Exfiltration Campaign Targets npm and PyPI

Phylum has discovered another new multi-ecosystem campaign aiming to exfiltrate sensitive machine information to a remote server. The attack has grown in both scope and...

Phylum Research Team Sep 26, 2023 13 min read

Large Typosquat Campaign Targeting React and Angular

Phylum is tracking a large typosquat campaign targeting the npm ecosystem. A user is currently publishing many typosquat packages masquerading as react and angular. As...

Phylum Research Team Sep 26, 2023 9 min read

Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers

⚠️September 5, 2023: This appears to be an ongoing campaign with additional packages published. The package timeline table has been updated to reflect this. Phylum...

Phylum Research Team Sep 4, 2023 7 min read