Threat research roundup: Lessons learned from recent PyPI and npm supply chain attacks


Security teams are well aware of the growing problem of software supply chain attacks, but it’s essential that organizations stay abreast of the various threats posed to software supply chains.

One of the pain points that organizations need to learn more about and defend against is malicious campaigns found on open-source software repositories. Repositories such as npm and PyPI are used globally by developers to build software applications, and attackers in recent years have taken great advantage of that.

By using the ReversingLabs Software Supply Chain Security platform, ReversingLabs threat researchers are able to consistently search for, detect, and analyze malicious campaigns on these repositories. Their findings are also enriched by having access to the largest private repository of goodware and malware files in the world, started by RL over a decade ago.

Read more…