Internally Hosted Dependencies: A Losing Battle
Dependency confusion allows bad actors to emulate internal software...
| Jan 29, 2023
Phylum Identifies 137 Malicious npm Packages
137 malicious packages were recently published to npm that exfiltrate host information to a remote endpoint as part of a...
The Phylum Research Team
Repo Jacking: Hidden Danger in Broken Links
Repo jacking is an insidious software supply chain issue. Attackers...
Aaron Bray, CEO
How to Understand and Defend Against SolarWinds-Type Attacks
In late 2020, one of the most devastating cyber attacks of the last...
Aaron Bray, CEO
The Anatomy of a Malicious Package (Part 2)
Picking up where we left off in the last article, it's time to start...
Aaron Bray, CEO
The Anatomy of a Malicious Package
What does a malicious package actually look like in practice? We'll...
Aaron Bray, CEO
Typosquatting and Other Attacks Against Open Source Dependencies
In November of 2018, a malicious Javascript package was identified...
