The Unacknowledged Risk of Authors
One of the largest attack surfaces across the software supply chain...
Research | Oct 02, 2022
Phylum Detects Active Typosquatting Campaign Targeting NPM Developers
Phylum detects a large scale typosquat campaign targeting the NPM ecosystem. Over 120 packages detected in this ongoing...
Louis Lang, CTO
What Happens to Author Reputation When Malicious Packages are Taken Offline?
What happens to an author after a malicious package is discovered and...
Aaron Bray, CEO
What Is "Abandonware" and Is It a Security Risk?
Identifying abandonware is not necessarily straightforward. In this...
Eric Freitag, Chief Engineer
Detecting Potential Bad Actors in GitHub
Phylum is continually working to improve our author risk analysis to...
Chris Tokita, Data Scientist
Build System and Version Control Compromises - the New Normal
While SolarWinds made headlines within the last few months for the...
Aaron Bray, CEO
Internally Hosted Dependencies: A Losing Battle
Dependency confusion allows bad actors to emulate internal software...
Aaron Bray, CEO
Repo Jacking: Hidden Danger in Broken Links
Repo jacking is an insidious software supply chain issue. Attackers...
Aaron Bray, CEO
How to Understand and Defend Against SolarWinds-Type Attacks
In late 2020, one of the most devastating cyber attacks of the last...
Aaron Bray, CEO
The Anatomy of a Malicious Package (Part 2)
Picking up where we left off in the last article, it's time to start...
Aaron Bray, CEO
The Anatomy of a Malicious Package
What does a malicious package actually look like in practice? We'll...