Respawning Malware Persists on PyPI
A bad actor on GitHub continually respawns his malware immediately after PyPI takes it down.
Research
Phylum Detects Suspicious Publications Surrounding Popular Python Package Flask
On the morning of May 10, 2023, Phylum’s automated risk detection platform flagged a series of publications surrounding the popular Flask package on PyPI. After reaching out to the author, we discovered
Phylum Discovers Mischievous NPM Publications
That’s right, we’re not talking about a malicious discovery today, but rather a mischievous one. Phylum’s automated risk detection platform alerted us to the publication of some obfuscated JavaScript packages
Bad Beat Poetry
Lockfiles are great. They can also be hard to review and a source of malicious code injection.
Q1 2023 Evolution of Software Supply Chain Security
Software supply chains are unique among the broader supply chain family. Logistics-based supply chain risks can be contained or limited by industry or region. However, all software applications, everywhere, rely on the same