Detecting Potential Bad Actors in GitHub
Phylum is continually working to improve our author risk analysis to...
Research | Nov 22, 2022
Disrupting a PyPI Software Supply Chain Threat Actor
Phylum disrupts software supply chain attacker attempting to construct an army of infected developer machines.
Louis Lang, CTO
Build System and Version Control Compromises - the New Normal
While SolarWinds made headlines within the last few months for the...
Aaron Bray, CEO
Internally Hosted Dependencies: A Losing Battle
Dependency confusion allows bad actors to emulate internal software...
Aaron Bray, CEO
Repo Jacking: Hidden Danger in Broken Links
Repo jacking is an insidious software supply chain issue. Attackers...
Aaron Bray, CEO
How to Understand and Defend Against SolarWinds-Type Attacks
In late 2020, one of the most devastating cyber attacks of the last...
Aaron Bray, CEO
The Anatomy of a Malicious Package (Part 2)
Picking up where we left off in the last article, it's time to start...
Aaron Bray, CEO
The Anatomy of a Malicious Package
What does a malicious package actually look like in practice? We'll...
Aaron Bray, CEO
Typosquatting and Other Attacks Against Open Source Dependencies
In November of 2018, a malicious Javascript package was identified...