Phylum Insights and Resources

Python Trojan Functions and Imports

Learn basic techniques attackers use to create malicious packages with trojan features found in attacks, including typosquatting, starjacking, dependency confusion, and lockfile injection.

Charles Coggins Apr 24, 2024 3 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases

82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools

70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies

60%

of Phylum’s findings are not found by
other software supply chain companies

Python Package Spoofing

Find out how easy it is for threat actors to spoof legitimate Python packages as the foundation of their attacks on the software supply chain....

Charles Coggins Apr 24, 2024 6 min read

Series: How Malicious Python Code Gains Execution

Beyond vulnerabilities: Secure your Python code. Learn how attackers target software supply chains and an approach to preventing malicious code execution. See Phylum Research....

Charles Coggins Apr 24, 2024 2 min read

Enterprise Strategy Group Report: The Growing Complexity of Securing the Software Supply Chain

There is a significant increase in open-source software usage and security incidents. Many companies are vulnerable to attacks targeting third-party software and OSS code....

Mikala Vidal Apr 16, 2024 4 min read

The xz/liblzma Compromise and Software Supply Chain Security

A Major Threat to Software Supply Chain Security. This attack highlights the risks of relying on open-source libraries without proper scrutiny....

Aaron Bray Apr 2, 2024 4 min read

Phylum Insights and Resources

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

Subscribe to our insights