Phylum Research

Research   |   Dec 06, 2022

Report: 2022 Evolution of Software Supply Chain Security

Find out what the Phylum team learned in 2022 and is looking forward...

Research   |   Nov 18, 2022

W4SP Stealer Update—Attacker now Attempting to Masquerade as Popular Orgs

Phylum's team has discovered more PyPI packages attempting to deliver...

Research   |   Nov 01, 2022

Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack

Last week, our automated risk detection platform alerted us to...

Attack Types   |   Aug 25, 2022

The Unacknowledged Risk of Authors

One of the largest attack surfaces across the software supply chain...

Attack Types   |   Oct 18, 2021

What Happens to Author Reputation When Malicious Packages are Taken Offline?

What happens to an author after a malicious package is discovered and...

Attack Types   |   Sep 09, 2021

What Is "Abandonware" and Is It a Security Risk?

Identifying abandonware is not necessarily straightforward. In this...

Attack Types   |   Aug 27, 2021

Detecting Potential Bad Actors in GitHub

Phylum is continually working to improve our author risk analysis to...

Attack Types   |   Apr 25, 2021

Build System and Version Control Compromises - the New Normal

While SolarWinds made headlines within the last few months for the...

Attack Types   |   Mar 23, 2021

Internally Hosted Dependencies: A Losing Battle

Dependency confusion allows bad actors to emulate internal software...

Attack Types   |   Mar 17, 2021

Repo Jacking: Hidden Danger in Broken Links

Repo jacking is an insidious software supply chain issue. Attackers...