Development is happening more quickly than ever before, and Department of Defense stakeholders want more automation in software development and acquisitions.
Recent strategic initiatives from the White House to the DoD Chief Information
tl;dr - An unsophisticated actor efficiently published about a thousand typosquatted packages, impersonating forty popular Python packages and containing malicious code, in a campaign that lasted two days but actually only took about
Since the announcement of Executive Order 14028, curiosity and confusion around SBOM (Software Bill of Materials) mandates have been widespread. SBOMs are indeed a jumping-off point when it comes to the task
🚨 This appears to be an ongoing attack. As of the morning of 2/24/2023 an additional 600+ packages have been published by this actor. In total we have identified 5,943 malicious
On 8 February 2023 at 21:25:00 UTC, Phylum’s automated risk detection platform alerted us to the publication of pycolured on PyPI, and we immediately notified the PyPI maintainers. As we