Phylum Research

June’s Sophisticated npm Attack Attributed to North Korea

Phylum Research

In June 2023, Phylum was the first to unearth a series of suspicious npm publications belonging to what appeared to be a highly targeted attack. The identified packages, published in pairs, required installation in a specific

Phylum Research Team Jul 22, 2023 5 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases

82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools

70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies

60%

of Phylum’s findings are not found by
other software supply chain companies

Phylum Discovers Sophisticated Ongoing Attack on NPM

🚨Jul 22, 2023 Update: This attack has now been attributed to North Korean nation-state actors. Click here to learn more. On June 11, Phylum’s...

Phylum Research Team Jun 23, 2023 8 min read

Respawning Malware Persists on PyPI

A bad actor on GitHub continually respawns his malware immediately after PyPI takes it down....

Phylum Research Team May 16, 2023 5 min read

Phylum Detects Suspicious Publications Surrounding Popular Python Package Flask

On the morning of May 10, 2023, Phylum’s automated risk detection platform flagged a series of publications surrounding the popular Flask package on PyPI....

Phylum Research Team May 12, 2023 9 min read

Phylum Discovers Mischievous NPM Publications

That’s right, we’re not talking about a malicious discovery today, but rather a mischievous one. Phylum’s automated risk detection platform alerted us...

Phylum Research Team May 2, 2023 4 min read

Phylum Research

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

Subscribe to our research