Phylum automatically detects and blocks software supply chain attacks originating from open-source package registries: npm, PyPI, Rubygems, Crates.io, Nuget, Maven and Go.

Follow for research on supply chain attacks, malicious packages, and security shenanigans.

Website: https://phylum.io
GitHub: https://github.com/phylum-dev
Twitter: https://twitter.com/Phylum_IO
LinkedIn: https://www.linkedin.com/company/phylum-io/

For an attacker, the software supply chain is a simple path towards compromising #developers & #engineers. At @phylum most of the #malware we see in #opensource registries is targeting #developers and the orgs they work for - to devastating effect.

#infosec #cybersecurity

Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers: A Deep Dive

In the ever-evolving landscape of cybersecurity, the Phylum Research Team has recently unearthed a nascent malware campaign that poses a significant threat to developers across multiple programming ecosystems—npm, PyPI, and RubyGems. This blog post aims to dissect the intricacies of this campaign, its modus operandi, and the potential risks

The Final Hop