| Date | Title | Description |
|---|---|---|
| 23.12.2025 | Your site no longer belongs to you: how CVE-2025-11953 hands the keys to hackers | So, on November 5 the JFrog team published a warning about the CVE-2025-11953 vulnerability in the command-line tools of the React Native Community CLI project. React Native is a platform that thousands of developers use to build mobi... |
| 10.02.2025 | Incorporating 'secure by design' into the software supply chain [Q&A] | Developers historically have not been all that security savvy, but as software supply chain security becomes a larger and larger problem every day, enterprises are going to need to secure packages before they are put into production environ... |
| 06.01.2025 | Veracode Acquires Phylum | Veracode, a Burlington, MA-based company which specializes in application risk management, acquired the technology of Phylum, an Evergreen, CO-based malicious package analysis, detection, and mitigation technology company. The amount of the... |
| 01.11.2024 | The internet is drowning in spam | Spam in the npm package catalogue. The internet is not what it was in the 90s. Back then we looked for interesting sites through the topical directories of Yahoo and Rambler. Search engines did not exist until AltaVista appeared. It did not even occur to anyone to create junk sites... |
| 19.09.2024 | Phylum Introduces New Software Package Firewall Capabilities | Phylum provides a layer of defense between the open-source ecosystem and your enterprise software. Users can now integrate directly with artifact repositories and package managers. EVERGREEN, Colo., Sept. 19, 2024 /PRNewswire-PRWeb/ -- Phylum... |
| 15.07.2024 | Here’s how carefully concealed backdoor in fake AWS files escaped mainstream notice | Researchers have determined that two fake AWS packages downloaded hundreds of times from the open source NPM JavaScript repository contained carefully concealed code that bac... |
| 26.04.2024 | Vulnerabilities on GitHub: in a Ruby library downloaded 250,000 times, modules for electronic locks and popular games... | At the end of March the GitHub blog published an article on how to defend against RepoJacking-type vulnerabilities. In the opening lines the author advised using package managers such as NPM and PyPI so that this kind of cyber threat "does not threaten the user directly". ... |
| 01.09.2023 | UK’s NCSC Warns Against Cybersecurity Attacks on AI | Large language models used in artificial intelligence, such as ChatGPT or Google Bard, are prone to different cybersecurity attacks, in particular prompt injection and data poisoning. The U.K.’s National C... |
| 19.07.2023 | GitHub identified an attack on individual employees of IT companies | GitHub has identified a small social engineering campaign targeting the personal accounts of employees of technology firms. No GitHub or npm systems were compromised during this campaign, the platform states. The attackers ... |
| 04.04.2023 | 16 Key Considerations When Vetting A New Tech Vendor Or Partner | |
| 14.03.2023 | Highlights from the Python world for February 2023 | Once a month we at Moscow Python Podcast get together and discuss fresh releases and the tools and articles that caught our interest. In this episode Mikhail Korneev and Grigory Petrov spoke for you. You can also watch us: Or listen on pl... |
| 22.02.2023 | Protecting the software supply chain [Q&A] | As developers come under increasing pressure to deliver projects quickly, there's a rising level of conflict between development and security teams. And attackers are taking advantage of this conflict in order to target software supply chai... |
| 14.02.2023 | Latest attack on PyPI users shows crooks are only getting better | More than 400 malicious packages were recently uploaded to PyPI (Python Package Index), the official code repository for the Py... |
| 08.11.2022 | Malicious packages aimed at stealing cryptocurrency identified in the PyPI catalogue | Researchers have discovered more than 20 malicious packages in the PyPI catalogue aimed at stealing cryptocurrency. The packages masqueraded as popular libraries. In total, 26 packages were found in PyPI containing malicious code for stealing cryptoc... |
| 12.05.2022 | Google launches ‘open-source maintenance crew’ | Today, at the White House Open Source Security Su... |
| 04.05.2022 | Phylum Raises $15 Million to Proactively Defend the Open-Source Supply Chain | Phylum manages the risk of using untrusted, open-source libraries; enables security teams and developers to innovate at speed. Phylum announces $15 million in Series A funding. The round is led by ClearSky, with contributions from Atlassian ... |
| 03.05.2022 | Phylum Raises $15M in Series A Funding | Phylum, an Evergreen, CO-based company that aims to secure the universe of code, starting with the open-source supply chain, raised $15M in Series A funding. The round was led by ClearSky, with contributions from Atlassian Ventures, SixThir... |
| 03.05.2022 | This private equity firm is sharing returns with portfolio company employees | This is the web version of Term Sheet, a daily newsletter on the biggest deals and dealmakers. When a record number of people are quitting their jobs, it may help to give employees a stake in ... |
| 03.05.2022 | Phylum Nabs $15M Series A Financing Round | EVERGREEN, CO, Today, Phylum announces $15 million in Series A funding. The round is led by ClearSky, with contri... |
| 03.05.2022 | Phylum strengthens mission to defend the software supply chains | Software supply chain security provider, Phylum, ... |
| 08.12.2021 | Phylum Announces Expert Advisory Board to Guide Rapid Growth | We’ve seen the number and severity of cybersecurity incidents increase substantially. Companies are acutely aware that they need better tools to safeguard their software supply chain. EVERGREEN, Colo. (PRWEB) December 08, 2021 -- Phylum, the c... |
| 01.09.2021 | Phylum Appoints Cybersecurity Industry Leader Dan Burns to Board of Directors | From what I’ve seen firsthand and from conversations with CSOs in my network, it’s clear that this industry requires a new approach and technology. EVERGREEN, Colo. (PRWEB) September 01, 2021 -- Phylum, the company defining the future of softwa... |
| 24.06.2021 | Phylum Exits Stealth with $4.5M in Seed Funding | EVERGREEN, CO, Phylum has raised $4.5 million in seed funding led by First In. Phylum, a software supply chain se... |
| 24.06.2021 | Phylum Raises $4.5M in Seed Funding | Phylum, an Evergreen, CO-based software supply chain security company, raised $4.5m in seed funding. The round was led by First In with participation from TechOperators, General Advance, Verissimo Ventures; Area 51 Ventures, Vijay Pandurang... |
| 23.06.2021 | Phylum Closes $4.5M in Seed Funding and Comes Out of Stealth Mode | Phylum helps companies defend their systems by identifying risk across the entire software supply chain to stay ahead of today’s cybersecurity threats and emerging attack vectors. EVERGREEN, Colo. (PRWEB) June 23, 2021 -- Phylum, the company d... |