
Phylum automatically detects and blocks software supply chain attacks originating from open-source package registries: npm, PyPI, Rubygems, Crates.io, Nuget, Maven and Go.

Follow for research on supply chain attacks, malicious packages, and security shenanigans.

Website: https://phylum.io
Github: https://github.com/phylum-dev
Twitter: https://twitter.com/Phylum_IO
Linkedin: https://www.linkedin.com/company/phylum-io/
Fake Puppeteer Packages Contain Malware

In an ongoing supply chain attack on npm.

Phylum Research | Software Supply Chain Security

Have you ever had your private #crypto keys stolen? #Malware authors have published forks of the popular Ethers library that exfiltrate private keys and give attackers #SSH access to infected machines.

https://blog.phylum.io/trojanized-ethers-forks-on-npm-attempting-to-steal-ethereum-private-keys/

#npm #javascript #security #opensource #nodejs #infosec #typescript #ethereum #cryptocurrency #crypto

Trojanized Ethers Forks on npm Attempting to Steal Ethereum Private Keys | Phylum

Software supply chain attack targets open-source developers in npm via malicious packages that steal Ethereum private keys, gain SSH persistence.

North Korea Still Attacking Developers via npm | Phylum

There's a renewed surge of attacks with obfuscated JavaScript and fake job campaigns to compromise developers and infiltrate companies. See Phylum research.


In the last 6 months, roughly 70% of new #npm packages were #spam. What does this mean for supply chain security?

At Black Hat USA? Find us in Startup City booth SC203!

#npmjs #node #javascript #typescript #infosec #opensource

https://blog.phylum.io/the-great-npm-garbage-patch

The Great npm Garbage Patch | Phylum

Open-source spam is a growing threat. The Tea protocol and npm are taking action, but the problem persists. Our research is dedicated to combating this issue and protecting the integrity of the open-source ecosystem. See Phylum Research.


Our sponsors are the bee's knees! 🐝 Their support allows us to continue providing fun, alcohol-free events at security conferences, like the Sober Speakeasy on August 8th.

♦ Platinum: @intezerlabs
♦ Gold: @phylum, Write Alchemist, EmberOT
♦ Silver: Anetac, @infosystir, @DianaInitiative, Mind Over Cyber

Join us at the Mob Museum on August 8th between @blackhatevents & @defcon

Register at https://www.soberincyber.org/events-1/sober-speakeasy-2024

Sober Speakeasy 2024 | Sober in Cyber

A Sober Speakeasy event at the Mob Museum during Black Hat / DEF CON 2024!

Sober in Cyber

Backdoor sneaked into fake AWS package was downloaded hundreds of times

Files available on the open source NPM repository underscore a growing sophistication.

https://arstechnica.com/security/2024/07/code-sneaked-into-fake-aws-downloaded-hundreds-of-times-backdoored-dev-devices/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

Here’s how carefully concealed backdoor in fake AWS files escaped mainstream notice


Ars Technica
Fake AWS Packages Ship Command and Control Malware In JPEG Files

On July 13, 2024, the Phylum platform alerted us to a series of odd packages published to the npm package registry. At first glance, these packages appear entirely legitimate; however, as our system automatically noted, they contained sophisticated command and control functionality hidden in image files that would be executed

Phylum

Advanced threat actors have not let up on their attacks against the software supply chain. We catalog recent attacks from North Korean state actors in our new blog post!

#npm #javascript #typescript #malware #cybersecurity #npmjs

https://blog.phylum.io/new-tactics-from-a-familiar-threat/

New Tactics from a Familiar Threat

For over a year, Phylum has been exposing North Korean threat actors attacking software developers in the open-source supply chain. This blog post highlights evolving tactics from a North Korean campaign that began in September 2023 with a package published on 4 July 2024 in npm. Like a snake shedding


Supply chain attacks come in all shapes and sizes. Today Phylum Research discusses its discovery of malicious #jQuery files in #npm.

https://blog.phylum.io/persistent-npm-campaign-shipping-trojanized-jquery/

#javascript #opensource #sbom #js #npmjs #node #cybersecurity #softwaredevelopment #software

Persistent npm Campaign Shipping Trojanized jQuery

Since May 26, 2024, Phylum has been monitoring a persistent supply chain attacker involving a trojanized version of jQuery. We initially discovered the malicious variant on npm, where we saw the compromised version published in dozens of packages over a month. After investigating, we found instances of the trojanized jQuery


#OpenSource libs routinely use polyfill.io. Just bc you aren't using the compromised #CDN directly, one of your deps might be. We put together a list of recently released pkgs that ref polyfill.io!

#polyfill #polyfillio #malware

https://blog.phylum.io/a-note-about-polyfill

A Note About Polyfill

Background: On July 25, 2024, Sansec issued an alert to developers regarding a serious supply-chain security incident. The CDN on the polyfill[.]io domain was found to be serving malware in a highly sophisticated manner designed to evade detection. The issue traces back to February 2024, when a Chinese company
