Catching the Silent Threat: How Dynamic Analysis Revealed a Complex npm Attack Chain
Explore how analyzing runtime behaviors using Dynamic Analysis data helps uncover abnormal activities in open source packages. By examining network connections and unusual binary executions during…
Read the full articleYou might also wanna read
Post-mortem Analysis of @ctrl/tinycolor npm Supply Chain Attack via GitHub Actions
Lessons learned from becoming the unexpected face of a npm supply-chain attack.

A post-mortem of the malicious event-stream backdoor
A look back at the chain of events that led to the use of the malicious npm package "flatmap-stream" and a reflection on what it means for t

Visibly invisible malicious Node.js packages: When configuration niche meets invisible characters
A focus on attacks in the Node.js ecosystem via the yarn and npm package managers, examining how configuration abuse and hidden characters c

Monitoring open source packages at runtime - now in open beta
Today we’re delighted to share that we’re launching our Open Source Security Runtime Monitoring solution, in beta, to all users, with no lim

Introducing open source security runtime monitoring
Snyk released its application security runtime monitoring solution, allowing developers to monitor the behavior of their open source compone
Supply Chain Attacks on Open-Source Software: Case Study of Malicious Pull Request Attempts
Just in the last 7 days, we've seen LiteLLM and axios impacted by supply chain attacks. Recently, I was chatting with Bereket Engida, the cr

Comments
Sign in to join the conversation.
No comments yet. Be the first.