Phylum Exclusive Research Report by CEO, Aaron Bray ?? 2025 Software Supply Chain Security Trends & Predictions: AI, Shadow Application Development and Nation-State Attacks - https://lnkd.in/eqR96Fwn #phylumresearch #phylumsecurity #softwaresupplychainsecurity #2025trends #2025predictions #shadowappdev #appdevsec #nationstateattacks #aisecurity #cybersecurity #CEO #CEOinsights
关于我们
Phylum is an automated, software supply chain security platform that continuously informs organizations of risk, blocks zero-day attacks, and enforces compliance and governance without disrupting innovation. Phylum analyzes open-source software as it is published and ingests software packages, lockfiles, and SBOMs to contextualize risks, prevent threats, and inform developers and security teams. Customers use the Phylum platform to protect applications from malicious code, evaluate third-party vendors, identify brand misuse and targeted attacks, complete mergers and acquisitions, and limit risks associated with using AI to write or fix source code. Phylum also offers a threat feed of real-time software supply chain attacks that can be consumed by any security analytics or observability product to enrich other findings. In 2022, Phylum's analysis of open-source packages identified thousands of new malicious packages, malicious authors, and supply chain risks that culminated in a massive improvement to open-source software and the first inaugural Black Hat Innovation Spotlight award. Download the Phylum GitHub App: https://github.com/marketplace/phylum-io
- 网站
-
https://www.phylum.io/
Phylum的外部链接
- 所属行业
- 软件开发
- 规模
- 11-50 人
- 总部
- Evergreen,CO
- 类型
- 私人持股
- 创立
- 2020
- 领域
- open source security、software supply chain security、software supply chain risk、open source、devops、devsecops、vulnerability reachability、vulnerabilities、malware、malicious authors和license misuse
产品
地点
-
主要
获取路线
US,CO,Evergreen,80439
Phylum员工
动态
-
"In Q3 2024, Phylum identified 465,897 malicious packages in the software supply chain open source ecosystem." Read the latest Evolution of Software Supply Chain Security Report via the Phylum Research Team - https://lnkd.in/eUPCGNPA [7 min read] #DevOps #CISO #opensourceecosystem #phylumresearch #maliciouspackages #appsec #spampackages #maliciousURLs #typosquats #criticalmalware
-
Phylum is an official sponsor of the Day of Shecurity event in Boston on November 8, 2024. If you plan to attend, reach out to our CRO,?Mikala Vidal, or say hi ???to her at the conference. WiCyS Massachusetts #womenincyber #womenincybersecurity #womenintech #dayofshecurity #WiCyS #WiCySMA #phylumevents
-
-
Q3 2024 Evolution of Software Supply Chain Security Report via the Phylum Research Team - https://lnkd.in/eUPCGNPA #malciouspackages #npm #opensourceecosystem #DevOps #CISO #AppSec #acceptableuse #softwaresupplychainsecurity #CybersecurityAwarenessMonth #CyberSecurity
Q3 2024 Evolution of Software Supply Chain Security Report
blog.phylum.io
-
?? Trick or treat? #Malware authors opted for the former with a series of malicious #npm packages targeting #Puppeteer users in an ongoing #typosquat campaign! ?https://lnkd.in/g883_8Qr? #nodejs #npm #ethereum #opensource #javascript #cryptocurrency #cybersecurity #infosec #typescript
Fake Puppeteer Packages Contain Malware
blog.phylum.io
-
Subscribe to Phylum Research ?? New Quarterly Report Coming Soon ?? Sign-up: https://lnkd.in/gUUZJRZ5 ??? Latest Post: https://lnkd.in/g95WUg58 #opensource #techcommunity #opensourceecosystem #softwaresupplychain #devops #CISO #AppSec #acceptableuse #techcommunity #developercommunity #softwaresupplychainsecurity #opensourcecode
-
Have you ever had your private #crypto keys stolen? #Malware authors have published forks of the popular Ethers library that exfiltrate private keys & give attackers #SSH access to infected machines. https://lnkd.in/g95WUg58 #npm #opensource #security #ethereum #cryptocurrency #infosec #javascript #typescript #softwaredevelopment
Trojanized Ethers Forks on npm Attempting to Steal Ethereum Private Keys | Phylum
blog.phylum.io
-
???Phylum For Artifact Repositories and Package Managers “Think of Phylum like a firewall for open-source software packages, providing a layer of defense between the open-source ecosystem and the software your customers trust you to keep secure,” said Aaron Bray, co-founder and CEO of Phylum. Learn More: https://lnkd.in/eWrVPCC2 Book a Demo: https://lnkd.in/e23EVDyK #opensource #techcommunity #opensourceecosystem #softwaresupplychain #devops #CISO #AppSec #acceptableuse #machinelearning #techcommunity #developercommunity
-
-
"Like we always say...you're one update away from malware."?Louis Lang, co-founder and chief technology officer (#CTO) at Phylum, weighs in on a North Korean advanced persistent threat (APT) actor (aka Gleaming Pisces) trying to sneak into public software packages. Citrine Sleet Poisons PyPI Packages With Mac & Linux Malware:? https://lnkd.in/eF-ax2kT? via Nate Nelson for Dark Reading #darkreading #maliciouspackage #northkorea #advancedpersistentthreat #aptactor #gleamingpisces #typosquatting #PyPIPackages #remoteaccesstrojan #softwaredevelopernews #softwaresupplychain #CISO #opensourcenews
Citrine Sleet Poisons PyPI Packages With Mac & Linux Malware
darkreading.com
-
Phylum转发了
?? Ross Bryant from Phylum talks about Nation-State Threats in the Open Source Software Supply Chain at #SOSSCommunity Day. Ross talks about how the Lazarus Group targeted developers with malicious npm packages to steal cryptocurrency. Discover how evolving tactics in 2023-24 pose ongoing risks to the OSS ecosystem. ???? #OSSummit
-