
Phylum (@Phylum_IO)
Followers 334 | Following 701 | Media 102 | Statuses 401
Phylum automates software supply chain security to contextualize risks, block attacks and allow organizations to only use trusted open-source code.
Joined August 2020
Breaking news: We're beyond excited to announce that our malicious package analysis, detection, and mitigation technology has been acquired by @Veracode! Together, we'll take software supply chain security to the next level. Read more below.
Phylum Exclusive Research Report by #CEO Aaron Bray: 2025 Software Supply Chain Security Trends & Predictions: AI, Shadow Application Development and Nation-State Attacks. #phylumresearch #softwaresupplychainsecurity #2025trends #CEOinsights
"In Q3 2024, Phylum identified 465,897 malicious packages in the software supply chain open source ecosystem." Read the latest Evolution of Software Supply Chain Security Report via the Phylum Research Team [7 min read]. #DevOps #CISO #opensourceecosystem
Q3 2024 Evolution of Software Supply Chain Security Report via the Phylum Research Team. #maliciouspackages #npm #opensourceecosystem #DevOps #CISO #AppSec #acceptableuse #softwaresupplychainsecurity #CybersecurityAwarenessMonth #CyberSecurity
Trick or treat? #Malware authors opted for the former with a series of malicious #npm packages targeting #Puppeteer users in an ongoing #typosquat campaign! #nodejs #npm #ethereum #opensource #javascript #cryptocurrency #cybersecurity #infosec
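The post above describes a typosquat campaign but not how to spot one. The block below is an added example, not Phylum's code and not taken from the campaign: a small heuristic that compares candidate npm package names against an allow-list of well-known names. The allow-list `KNOWN`, the candidate names, the separator/digit normalisation and the edit-distance threshold are all assumptions made for the demo.

```javascript
// Added example, not Phylum's code: a small typosquat heuristic for npm names.
// KNOWN and the candidate names at the bottom are constructed for the demo.
const KNOWN = ["puppeteer", "puppeteer-core", "ethers", "jquery", "lodash", "gulp"];

// Levenshtein edit distance with a two-row dynamic-programming table.
function editDistance(a, b) {
  if (a === b) return 0;
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Canonical form: drop the npm scope, drop separators, map digits that are
// commonly swapped for letters. "@acme/Puppeteer_Core" -> "puppeteercore".
function normalize(name) {
  return name
    .toLowerCase()
    .replace(/^@[^/]+\//, "")
    .replace(/[-_.]/g, "")
    .replace(/0/g, "o")
    .replace(/1/g, "l")
    .replace(/3/g, "e")
    .replace(/5/g, "s");
}

// Returns null for exact known names and for names that resemble none of them;
// otherwise {name, target, reason, score} for the closest known package.
// Lower score = stronger signal. Known names shorter than 5 characters are
// skipped because almost any short name is within 2 edits of them.
function classify(name, known = KNOWN, maxDistance = 2) {
  if (known.includes(name)) return null;
  const n = normalize(name);
  let best = null;
  for (const k of known) {
    const kn = normalize(k);
    if (kn.length < 5) continue;
    let score = null;
    let reason = null;
    if (n === kn) {
      score = 0;
      reason = "separator/digit variant of known name";
    } else if (n.startsWith(kn) || n.endsWith(kn)) {
      score = 1;
      reason = "known name with an affix (weak signal)";
    } else {
      const d = editDistance(n, kn);
      if (d <= maxDistance) {
        score = 1 + d;
        reason = `edit distance ${d}`;
      }
    }
    if (score !== null && (best === null || score < best.score)) {
      best = { name, target: k, reason, score };
    }
  }
  return best;
}

// Classify a batch of names and keep only the suspicious ones.
function flagSuspicious(names, known = KNOWN) {
  return names.map((n) => classify(n, known)).filter((r) => r !== null);
}

// Demo over constructed names (these are not claims about real packages).
const CANDIDATES = ["puppeteer", "pupeteer", "puppeteer_core", "ether5", "puppeteer-cor", "lodahs", "react"];
for (const hit of flagSuspicious(CANDIDATES)) {
  console.log(`${hit.name} -> ${hit.target}: ${hit.reason}`);
}
```

The affix rule fires on legitimate packages too (plugins and wrappers routinely carry the upstream name), so treat the output as a triage queue for a registry feed, not as a block list.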
Subscribe to Phylum Research. New Report Coming Soon. #opensource #techcommunity #opensourceecosystem #softwaresupplychain #devops #CISO #AppSec #acceptableuse #developercommunity
Have you ever had your private #crypto keys stolen? #Malware authors have published forks of the popular Ethers library that exfiltrate private keys & give attackers #SSH access to infected machines. #npm #opensource #security #ethereum #cryptocurrency
Phylum for Artifact Repositories and Package Managers. #opensource #techcommunity #opensourceecosystem #softwaresupplychain #DevOps #CISO #AppSec #acceptableuse #machinelearning #developercommunity
Multiple #NorthKorean state actors continue running #malware campaigns against #npm #developers, stealing credentials and financial assets. #dprk #moonsleet #contagiousinterview #CyberSecurity #javascript #opensource
In the last 6 months, roughly 70% of new #npm packages were #spam. What does this mean for supply chain security? At Black Hat USA? Find us in Startup City booth SC203! #npmjs #node #javascript #typescript #infosec #opensource
RT @arstechnica: Code sneaked into fake AWS downloaded hundreds of times backdoored dev devices
We've uncovered #malware hidden in a Microsoft logo JPG, shipping as fake #AWS packages on #npm! #steganography #opensource #cybersecurity #npmjs #javascript #typescript #SoftwareDevelopment #informationsecurity
Advanced threat actors have not let up on their attacks against the software supply chain. We catalog recent attacks from North Korean state actors in our new blog post! #npm #javascript #typescript #malware #cybersecurity #npmjs
Supply chain attacks come in all shapes and sizes. Today Phylum Research discusses its discovery of malicious #jQuery files in #npm. #javascript #opensource #sbom #js #npmjs #node #CyberSecurity
#OpenSource libs routinely use [...]. Just because you aren't using the compromised #CDN directly, one of your deps might be. We put together a list of recently released pkgs that ref [...]. #polyfill #polyfillio #malware
Credential stealer? ✓
Keylogger? ✓
Cryptocurrency stealer? ✓
Phylum uncovers more malicious #npm packages targeting the #Javascript ecosystem. #malware #opensource #bitcoin #cryptocurrency #typescript #software #infosec #cybersecurity
Nothing is safe. A few days ago, Phylum's automated platform identified a malicious package targeting users of the #gulp toolkit. The package drops a remote access tool and other nastiness. #javascript #malware #npm #typescript #opensource #gulpjs
We've uncovered a package published to #PyPI that is hiding a C2 in a PNG file. This package ships as an improvement to the "requests" library, but actually ships a malicious Go binary! #malware #opensource #supplychainsecurity #python #infosec #pip
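Two posts on this page describe payloads hidden in image files: malware in a Microsoft logo JPG shipped in fake AWS packages on npm, and a C2 hidden in a PNG inside a PyPI package. Neither post says how the data was embedded. The block below is an added example, not Phylum's code and not the technique from either package: it runs the first check a practitioner does on a suspicious image, walking the JPEG segment or PNG chunk structure to find where the image really ends and reporting any bytes appended after it. The sample images and the payload string are constructed; the CRC fields in the PNG fixture are zero because the check does not validate them.

```javascript
// Added example, not Phylum's code: detect a payload appended after the end of
// a JPEG or PNG. The posts do not say how the packages hid their data; this is
// the first check a practitioner runs. All sample bytes are constructed.
const PNG_SIG = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);

// PNG: signature, then chunks of [len(4 BE)][type(4)][data][crc(4)] ending in IEND.
// Returns the offset just past IEND, or -1 if the structure does not parse.
function pngEndOffset(buf) {
  if (buf.length < 8 || !buf.subarray(0, 8).equals(PNG_SIG)) return -1;
  let off = 8;
  while (off + 12 <= buf.length) {
    const len = buf.readUInt32BE(off);
    const type = buf.toString("latin1", off + 4, off + 8);
    const next = off + 12 + len;
    if (next > buf.length) return -1;
    if (type === "IEND") return next;
    off = next;
  }
  return -1;
}

// JPEG: SOI (FF D8), then segments [FF marker][len(2 BE, includes itself)][data].
// Returns the offset just past EOI (FF D9), or -1 if the structure does not parse.
function jpegEndOffset(buf) {
  if (buf.length < 4 || buf[0] !== 0xff || buf[1] !== 0xd8) return -1;
  let off = 2;
  while (off + 2 <= buf.length) {
    if (buf[off] !== 0xff) return -1;
    const marker = buf[off + 1];
    if (marker === 0xd9) return off + 2;                                               // EOI
    if (marker === 0x01 || (marker >= 0xd0 && marker <= 0xd8)) { off += 2; continue; } // TEM, RSTn, SOI: no length
    if (off + 4 > buf.length) return -1;
    off += 2 + buf.readUInt16BE(off + 2);
    if (marker === 0xda) {
      // SOS: entropy-coded data follows with no length field. Skip until a real
      // marker, ignoring FF00 byte stuffing and FFD0-FFD7 restart markers.
      while (off + 1 < buf.length) {
        const m = buf[off + 1];
        if (buf[off] === 0xff && m !== 0x00 && !(m >= 0xd0 && m <= 0xd7)) break;
        off++;
      }
    }
  }
  return -1;
}

// {format, imageEnd, trailing} or null when the input is not a parseable JPEG/PNG.
function findTrailingData(buf) {
  let format;
  let end;
  if (buf.subarray(0, 8).equals(PNG_SIG)) { format = "png"; end = pngEndOffset(buf); }
  else if (buf.length >= 2 && buf[0] === 0xff && buf[1] === 0xd8) { format = "jpeg"; end = jpegEndOffset(buf); }
  else return null;
  if (end < 0) return null;
  return { format, imageEnd: end, trailing: buf.subarray(end) };
}

// Constructed fixtures: minimal structurally valid files with and without an
// appended payload. CRCs are zero; this check does not validate them.
function pngChunk(type, data) {
  const len = Buffer.alloc(4);
  len.writeUInt32BE(data.length, 0);
  return Buffer.concat([len, Buffer.from(type, "latin1"), data, Buffer.alloc(4)]);
}
const PAYLOAD = Buffer.from("echo constructed-payload", "utf8");
const CLEAN_PNG = Buffer.concat([PNG_SIG, pngChunk("IHDR", Buffer.alloc(13)), pngChunk("IEND", Buffer.alloc(0))]);
const TAINTED_PNG = Buffer.concat([CLEAN_PNG, PAYLOAD]);
const CLEAN_JPEG = Buffer.from([
  0xff, 0xd8,                         // SOI
  0xff, 0xe0, 0x00, 0x04, 0x00, 0x00, // APP0, length 4 (2 payload bytes)
  0xff, 0xda, 0x00, 0x02,             // SOS, length 2 (no header bytes; enough for the parser)
  0x12, 0x34, 0xff, 0x00, 0x56,       // entropy data with one stuffed FF00
  0xff, 0xd9,                         // EOI
]);
const TAINTED_JPEG = Buffer.concat([CLEAN_JPEG, PAYLOAD]);

for (const [name, buf] of [["clean.png", CLEAN_PNG], ["tainted.png", TAINTED_PNG], ["clean.jpg", CLEAN_JPEG], ["tainted.jpg", TAINTED_JPEG]]) {
  const r = findTrailingData(buf);
  console.log(`${name}: ${r.format} ends at ${r.imageEnd}, ${r.trailing.length} trailing byte(s)`);
}
```

A non-empty `trailing` buffer is a strong signal, since image decoders stop at EOI/IEND and never complain about what follows. An empty one proves nothing: data can also sit inside a legitimate container (an ancillary PNG chunk, a JPEG APPn segment or an EXIF blob) or in the pixel bits themselves, so a clean result here should be followed by per-chunk and per-segment size checks and, if warranted, entropy analysis of the pixel data.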
We've uncovered new #malware packages published to #npm that appear to be an evolution on a previous supply chain attack carried out by nation state backed actors. #npmjs #javascript #supplychainattack #opensource #infosec