#Malware is a daily occurence in open source. Software supply chains are perpetually at risk. Weve been tracking several pkgs targeting #python developers. Were also tracking a few more campaigns. More to follow. #opensource #cyberattack #infosec #pypi blog.phylum.io/obfuscated-pyp…

How about some #npm #malware to start your day? Along with the #pypi campaign we have been reporting on, we have also identified a large number of #javascript packages deploying a reverse shell. blog.phylum.io/dozens-of-npm-… #opensource #cybersecurity #infosec #npmjs

Navigating the NPM Minefield: A Reverse Shell Campaign Uncovered #cybersecurity #infosec #npm #CyberAttack thefinalhop.com/navigating-the…

#Malware is so pervasive in open source, we're able to write nearly daily reports 😬 Today we're covering a fairly complicated attack chain targeted #crypto developers. blog.phylum.io/crypto-themed-… #opensource #npm #javascript #bitcoin

Supply chain attacks cont. to plague the crypto community. Ledger compromised. Wallets drained. For an attacker, supply chain attacks are a simple path to significant outcomes. #malware #npm #cryptocurrency #ledger #javascript #web3 #dapps #ledgerhacked blog.phylum.io/ledger-phishin…

#100DaysofYARA Day 19: This rule detects the malicious msedge.dll file used by #virusloader (reference: blog.phylum.io/npm-package-fo…) Rule: github.com/RussianPanda95…

Developers continue to be targeted with fake job interviews and malicious #GitHub repositories. #malware #npm #SoftwareDevelopment #opensource #javascript blog.phylum.io/smuggling-malw…

🎉As Phylum turns 4, our research team has started a blog series outlining our methodology & ethos around #softwaresupplychain risk, starting w/ an introduction from 1st principles. blog.phylum.io/an-introductio… #opensource #malware #javascript #pypi #golang #ruby #rust #java

We've uncovered a large #typosquat campaign targeting #python developers. In the wake of this campaign, #pypi has suspended new user registrations. blog.phylum.io/typosquatting-… #malware #opensource #CyberSecurity #SoftwareDevelopment

🚨 Urgent: Malicious "test files" linked to the XZ Utils backdoor found in popular Rust crate liblzma-sys, downloaded over 21,000 times. Read on for details -> thehackernews.com/2024/04/popula… #hacking #cybersecurity

The #xz backdoor continues to pop up. We recently located the backdoor binaries in a popular Rust crate. Thanks to the quick work by the maintainer, the problem was quickly solved! blog.phylum.io/rust-crate-shi… #rust #cratesio #opensource

We've uncovered new #malware packages published to #npm that appear to be an evolution on a previous supply chain attack carried out by nation state backed actors ☠ blog.phylum.io/north-korean-s… #npmjs #javascript #supplychainattack #opensource #infosec

Nothing is safe. A few days ago, Phylum's automated platform identified a malicious package targeting users of the #gulp toolkit. The package drops a remote access tool and other nastiness. blog.phylum.io/sophisticated-… #javascript #malware #npm #typescript #opensource #gulpjs

Credential stealer? ✅ Keylogger? ✅ Cryptocurrency stealer? ✅ Phylum uncovers more malicious #npm packages targeting the #Javascript ecosystem. blog.phylum.io/npm-package-ca… #malware #opensource #bitcoin #cryptocurrency #typescript #software #infosec #cybersecurity

COMPETITION TIME 🎉🥳 THE ULTIMATE #TASKMASTER FAN BUNDLE We're giving away: 🎟️2x tickets to a live recording of Taskmaster 🤝Meet & greet @alexhorne 💌A Meta Quest 3 and a copy of Taskmaster VR Runner up x3: Copy of Taskmaster VR To enter: Follow Scallywagarcade on X 👍

#OpenSource libs routinely use polyfill.io. Just bc you arent using the compromised #CDN directly, one of your deps might be. We put together a list of recently released pkgs that ref polyfill.io! #polyfill #polyfillio #malware blog.phylum.io/a-note-about-p…

Advanced threat actors have not let up on their attacks against the software supply chain. We catalog recent attacks from North Korean state actors in our new blog post! #npm #javascript #typescript #malware #cybersecurity #npmjs blog.phylum.io/new-tactics-fr…

We've uncovered #malware hidden in a Microsoft logo JPG, shipping as fake #AWS packages on #npm! 😲 blog.phylum.io/fake-aws-packa… #steganography #opensource #cybersecurity #npmjs #javascript #typescript #SoftwareDevelopment #informationsecurity

🇰🇵☠️ Multiple #NorthKorean state actors continue running #malware campaigns against #npm #developers, stealing credentials and financial assets. blog.phylum.io/north-korea-st… #dprk #moonsleet #contagiousinterview #CyberSecurity #javascript #opensource

Have you ever had your private #crypto keys stolen? #Malware authors have published forks of the popular Ethers library that exfiltrate private keys & give attackers #SSH access to infected machines. blog.phylum.io/trojanized-eth… #npm #opensource #security #ethereum #cryptocurrency