Phylum Research

npm Package Caught Stealing Crypto Browser Extension Data

Phylum Research

Uncover the hidden dangers of npm packages. Phylum Research reveals a malicious package known as "react-zutils" designed to steal cryptocurrency data.

Phylum Research Team Jun 5, 2024 8 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases

82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools

70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies

60%

of Phylum’s findings are not found by
other software supply chain companies

Sophisticated RAT Targeting Gulp Projects on npm

This Phylum research exposes a malicious package containing a Remote Access Trojan (RAT) targeting developers using Gulp. Learn more....

Phylum Research Team May 31, 2024 9 min read

Malicious Go Binary Delivered via Steganography in PyPI

Open-source Ecosystem Malware Alert: Phylum Research exposes a novel steganography attack to deliver a malicious Go binary within a PyPI package....

Phylum Research Team May 10, 2024 5 min read

Nation-State Threat Actors Renew Publications to npm

North Korean threat actors return to npm with a new attack. Phylum detects malicious packages targeting macOS and Windows. Protect your software supply chain....

Phylum Research Team Apr 24, 2024 6 min read

Q1 2024 Evolution of Software Supply Chain Security Report

Open source rocks, but 82% of malicious packages lack CVEs. Phylum monitors open-source libraries & alerts you to threats before they hit your software....

Phylum Research Team Apr 15, 2024 7 min read

Phylum Research

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

Subscribe to our research