Phylum automates software supply chain security to contextualize risks, block attacks and allow organizations to only use trusted open-source code.

Joined August 2020
6 Jan 2025
📢 Breaking news: We’re beyond excited to announce that our malicious package analysis, detection, and mitigation technology has been acquired by @Veracode! Together, we’ll take software supply chain security to the next level. Read more below: veracode.com/press-release/v…
21 Nov 2024
Phylum Exclusive Research Report by #CEO, Aaron Bray ⚔️ 2025 Software Supply Chain Security Trends & Predictions: AI, Shadow Application Development and Nation-State Attacks - blog.phylum.io/2025-trends-p… #phylumresearch #softwaresupplychainsecurity #2025trends #CEOinsights

7 Nov 2024
"In Q3 2024, Phylum identified 465,897 malicious packages in the software supply chain open source ecosystem." Read the latest Evolution of Software Supply Chain Security Report via the Phylum Research Team - blog.phylum.io/q3-2024-evolu… [7 min read] #DevOps #CISO #opensourceecosystem
31 Oct 2024
🎃 Trick or treat? #Malware authors opted for the former with a series of malicious #npm packages targeting #Puppeteer users in an ongoing #typosquat campaign! blog.phylum.io/supply-chain-… #nodejs #npm #ethereum #opensource #javascript #cryptocurrency #cybersecurity #infosec

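A check for the typosquat pattern the post above describes, written here as an added example; it is not Phylum's code and does not reflect how Phylum's platform works. The `POPULAR` and `NEW_PACKAGES` lists are constructed samples, and `editDistance`, `normalizeName` and `typosquatCandidates` are names chosen for this example.

```javascript
// Added example (not Phylum's code): flag newly published package names that
// sit within a small edit distance of a popular package, the classic typosquat
// pattern. POPULAR and NEW_PACKAGES are constructed samples, not npm data.

// Damerau-Levenshtein (optimal string alignment) distance, so a swapped pair
// such as "lodahs" -> "lodash" counts as one edit rather than two.
function editDistance(a, b) {
  const m = a.length, n = b.length;
  const d = Array.from({ length: m + 1 }, () => new Array(n + 1).fill(0));
  for (let i = 0; i <= m; i++) d[i][0] = i;
  for (let j = 0; j <= n; j++) d[0][j] = j;
  for (let i = 1; i <= m; i++) {
    for (let j = 1; j <= n; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1); // transposition
      }
    }
  }
  return d[m][n];
}

// Normalise the things a squatter hopes you will not notice: letter case, an
// npm scope prefix ("@acme/ethers" -> "ethers") and underscore versus hyphen.
function normalizeName(name) {
  return name.toLowerCase().replace(/^@[^/]+\//, '').replace(/_/g, '-');
}

// Return each candidate that is close to a popular name without being that
// exact package. Distance 0 means the same name republished under a scope.
function typosquatCandidates(candidates, popular, maxDistance = 2) {
  const exact = new Set(popular.map((p) => p.toLowerCase()));
  const flagged = [];
  for (const name of candidates) {
    if (exact.has(name.toLowerCase())) continue; // the real package itself
    const norm = normalizeName(name);
    let best = null;
    for (const target of popular) {
      const distance = editDistance(norm, normalizeName(target));
      if (distance <= maxDistance && (best === null || distance < best.distance)) {
        best = { name, target, distance };
      }
    }
    if (best) flagged.push(best);
  }
  return flagged.sort((x, y) => (x.name < y.name ? -1 : x.name > y.name ? 1 : 0));
}

// Constructed sample input. "puppeteer-core" is a genuine companion package
// and must not be flagged; "pupeteer", "lodahs" and "ether5" should be.
const POPULAR = ['puppeteer', 'ethers', 'lodash', 'express'];
const NEW_PACKAGES = [
  'pupeteer', 'puppeteer-core', 'lodahs', 'express',
  '@acme/ethers', 'ether5', 'totally-unrelated',
];

for (const hit of typosquatCandidates(NEW_PACKAGES, POPULAR)) {
  console.log(`${hit.name} looks like ${hit.target} (edit distance ${hit.distance})`);
}
```

Edit distance on its own is a triage signal, not a verdict: legitimate forks and companion packages also sit near popular names, so in practice a hit like this is combined with other evidence (publisher age, install scripts, obfuscated code) before anything is blocked.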
18 Oct 2024
Have you ever had your private #crypto keys stolen? #Malware authors have published forks of the popular Ethers library that exfiltrate private keys & give attackers #SSH access to infected machines. blog.phylum.io/trojanized-et… #npm #opensource #security #ethereum #cryptocurrency

29 Aug 2024
🇰🇵☠️ Multiple #NorthKorean state actors continue running #malware campaigns against #npm #developers, stealing credentials and financial assets. blog.phylum.io/north-korea-s… #dprk #moonsleet #contagiousinterview #CyberSecurity #javascript #opensource

6 Aug 2024
In the last 6 months, roughly 70% of new #npm packages were #spam. What does this mean for supply chain security? At Black Hat USA? Find us in Startup City booth SC203! #npmjs #node #javascript #typescript #infosec #opensource blog.phylum.io/the-great-npm…

15 Jul 2024

8 Jul 2024
Advanced threat actors have not let up on their attacks against the software supply chain. We catalog recent attacks from North Korean state actors in our new blog post! #npm #javascript #typescript #malware #cybersecurity #npmjs blog.phylum.io/new-tactics-f…

4 Jul 2024
Supply chain attacks come in all shapes and sizes. Today Phylum Research discusses its discovery of malicious #jQuery files in #npm. blog.phylum.io/persistent-np… #javascript #opensource #sbom #js #npmjs #node #CyberSecurity

27 Jun 2024
#OpenSource libs routinely use polyfill.io. Just bc you aren't using the compromised #CDN directly, one of your deps might be. We put together a list of recently released pkgs that ref polyfill.io! #polyfill #polyfillio #malware blog.phylum.io/a-note-about-…

5 Jun 2024
Credential stealer? ✅ Keylogger? ✅ Cryptocurrency stealer? ✅ Phylum uncovers more malicious #npm packages targeting the #Javascript ecosystem. blog.phylum.io/npm-package-c… #malware #opensource #bitcoin #cryptocurrency #typescript #software #infosec #cybersecurity

31 May 2024
Nothing is safe. A few days ago, Phylum's automated platform identified a malicious package targeting users of the #gulp toolkit. The package drops a remote access tool and other nastiness. blog.phylum.io/sophisticated… #javascript #malware #npm #typescript #opensource #gulpjs

13 May 2024
We've uncovered a package published to #PyPI that is hiding a C2 in a PNG file. This package ships as an improvement to the "requests" library, but actually ships a malicious Go binary! blog.phylum.io/malicious-go-… #malware #opensource #supplychainsecurity #python #infosec #pip

24 Apr 2024
We've uncovered new #malware packages published to #npm that appear to be an evolution on a previous supply chain attack carried out by nation state backed actors ☠ blog.phylum.io/north-korean-… #npmjs #javascript #supplychainattack #opensource #infosec
