Phylum
Internally Hosted Dependencies: A Losing Battle

security

Dependency confusion allows bad actors to impersonate internal software packages and gain access to developer workstations and critical build infrastructure. Understand this entirely new supply chain issue and how to defend against it.

Aaron Bray 23 Mar 2021
Repo Jacking: Hidden Danger in Broken Links

Repo jacking is an insidious software supply chain issue. Attackers can take over upstream packages if the original owner changes or deletes their username.

Aaron Bray 17 Mar 2021
How to Understand and Defend Against SolarWinds-Type Attacks

In late 2020, one of the most devastating cyber attacks of the last decade was discovered: the SolarWinds breach.

Aaron Bray 9 Jan 2021
The Anatomy of a Malicious Package (Part 2)

Picking up where we left off in the last article, we need to start thinking about improving our situation. To recap, we've now got initial execution on a victim system,

Aaron Bray 28 Aug 2020
Typosquatting and Other Attacks Against Open Source Dependencies

In November of 2018 a malicious JavaScript package was identified and subsequently removed from the npm ecosystem. A nefarious modification was introduced into this package, flatmap-stream, which was then added

Louis Lang 27 Jul 2020

Copyright © phylum.io