Software supply chains are unique among the broader supply chain family. Logistics-based supply chain risks can be contained or limited by industry or region. However, all software applications, everywhere, rely on the same
On April 16, 2023, Phylum's automated risk detection platform detected a surge of publications of a library called vibranced on NPM. In this article, we will examine the actions taken by the attackers and their attempts to distribute Python-based malware on NPM.
Customers now have more flexibility when creating and enforcing custom policies, and can show compliance with key software supply chain frameworks, regulations and guidelines.
Phylum’s policy engine sits directly between the open-source
Phylum has recently discovered that a package called mathjs-min, which was uploaded to NPM by user rizzman on March 26, contains a Discord token grabber. This package is actually a modified
Phylum’s automated platform recently detected the onyxproxy package on PyPI, a malicious package that harvests and exfiltrates credentials and other sensitive data. In many ways, this package typifies other token stealers that