Phylum (@phylum_io)'s Twitter Profile
Phylum

@phylum_io

Phylum automates software supply chain security to contextualize risks, block attacks and allow organizations to only use trusted open-source code.

ID: 1292840505475084289

Link: https://phylum.io
Date: 10-08-2020 15:09:52

405 Tweets

323 Followers

375 Following

Michael Kennedy (@mkennedy)

#457: Software Supply Chain Security with Phylum <— latest episode is out! #python cc Michael Kennedy and Charles Coggins from Phylum talkpython.fm/episodes/show/…

Phylum (@phylum_io)

We've uncovered new #malware packages published to #npm that appear to be an evolution on a previous supply chain attack carried out by nation state backed actors ☠ blog.phylum.io/north-korean-s… #npmjs #javascript #supplychainattack #opensource #infosec

We've uncovered a package published to #PyPI that is hiding a C2 in a PNG file. This package ships as an improvement to the "requests" library, but actually ships a malicious Go binary! blog.phylum.io/malicious-go-b… #malware #opensource #supplychainsecurity #python #infosec #pip

Nothing is safe. A few days ago, Phylum's automated platform identified a malicious package targeting users of the #gulp toolkit. The package drops a remote access tool and other nastiness. blog.phylum.io/sophisticated-… #javascript #malware #npm #typescript #opensource #gulpjs

Credential stealer? ✅ Keylogger? ✅ Cryptocurrency stealer? ✅ Phylum uncovers more malicious #npm packages targeting the #Javascript ecosystem. blog.phylum.io/npm-package-ca… #malware #opensource #bitcoin #cryptocurrency #typescript #software #infosec #cybersecurity

#OpenSource libs routinely use polyfill.io. Just bc you aren't using the compromised #CDN directly, one of your deps might be. We put together a list of recently released pkgs that ref polyfill.io! #polyfill #polyfillio #malware blog.phylum.io/a-note-about-p…

Supply chain attacks come in all shapes and sizes. Today Phylum Research discusses its discovery of malicious #jQuery files in #npm. blog.phylum.io/persistent-npm… #javascript #opensource #sbom #js #npmjs #node #CyberSecurity

Advanced threat actors have not let up on their attacks against the software supply chain. We catalog recent attacks from North Korean state actors in our new blog post! #npm #javascript #typescript #malware #cybersecurity #npmjs blog.phylum.io/new-tactics-fr…

We've uncovered #malware hidden in a Microsoft logo JPG, shipping as fake #AWS packages on #npm! 😲 blog.phylum.io/fake-aws-packa… #steganography #opensource #cybersecurity #npmjs #javascript #typescript #SoftwareDevelopment #informationsecurity

In the last 6 months, roughly 70% of new #npm packages were #spam. What does this mean for supply chain security? At Black Hat USA? Find us in Startup City booth SC203! #npmjs #node #javascript #typescript #infosec #opensource blog.phylum.io/the-great-npm-…

🇰🇵☠️ Multiple #NorthKorean state actors continue running #malware campaigns against #npm #developers, stealing credentials and financial assets. blog.phylum.io/north-korea-st… #dprk #moonsleet #contagiousinterview #CyberSecurity #javascript #opensource

Phylum For Artifact Repositories and Package Managers blog.phylum.io/phylum-for-art… #opensource #techcommunity #opensourceecosystem #softwaresupplychain #DevOps #CISO #AppSec #acceptableuse #machinelearning #techcommunity #developercommunity

Have you ever had your private #crypto keys stolen? #Malware authors have published forks of the popular Ethers library that exfiltrate private keys & give attackers #SSH access to infected machines. blog.phylum.io/trojanized-eth… #npm #opensource #security #ethereum #cryptocurrency

Subscribe to Phylum Research ⚔️ New Report Coming Soon 🔔 blog.phylum.io/subscribe-to-t… #opensource #techcommunity #opensourceecosystem #softwaresupplychain #devops #CISO #AppSec #acceptableuse #techcommunity #developercommunity

🎃 Trick or treat? #Malware authors opted for the former with a series of malicious #npm packages targeting #Puppeteer users in an ongoing #typosquat campaign! blog.phylum.io/supply-chain-s… #nodejs #npm #ethereum #opensource #javascript #cryptocurrency #cybersecurity #infosec

Q3 2024 Evolution of Software Supply Chain Security Report via the Phylum Research Team - blog.phylum.io/q3-2024-evolut… #malciouspackages #npm #opensourceecosystem #DevOps #CISO #AppSec #acceptableuse #softwaresupplychainsecurity #CybersecurityAwarenessMonth #CyberSecurity

"In Q3 2024, Phylum identified 465,897 malicious packages in the software supply chain open source ecosystem." Read the latest Evolution of Software Supply Chain Security Report via the Phylum Research Team - blog.phylum.io/q3-2024-evolut… [7 min read] #DevOps #CISO #opensourceecosystem

Phylum Exclusive Research Report by #CEO, Aaron Bray ⚔️ 2025 Software Supply Chain Security Trends & Predictions: AI, Shadow Application Development and Nation-State Attacks - blog.phylum.io/2025-trends-pr… #phylumresearch #softwaresupplychainsecurity #2025trends #CEOinsights

📢 Breaking news: We’re beyond excited to announce that our malicious package analysis, detection, and mitigation technology has been acquired by Veracode! Together, we’ll take software supply chain security to the next level. Read more below: veracode.com/press-release/…