malware
Safeguard articles tagged "malware" — guides, analysis, and best practices for software supply chain and application security.
32 articles
OSS Malware Trends Q1 2026 (Safeguard Research)
The Safeguard Research team analyzed first-quarter 2026 malicious package telemetry across npm, PyPI, RubyGems, and crates.io. Here is what the data shows.
Malicious npm packages targeting developers in 2025
A year-end look at 2025's npm supply chain attacks—chalk/debug phishing, the Shai-Hulud worm, and industrialized malware campaigns—and how to defend against them.
Docker Hub malicious image report
Researchers estimate roughly 3% of public Docker Hub images carry malicious payloads. Here's what's inside them, how they spread, and how to defend your pipeline.
Docker Hub typosquatting of official images
Attackers are cloning popular Docker Official Images under lookalike names, tricking `docker pull` into fetching malware instead of trusted base images.
PyPI Malicious Packages 2025: Python's Growing Supply Chain Problem
PyPI faced a surge of malicious package uploads in early 2025, targeting data science, AI/ML, and cloud development workflows. Here's the full picture.
Office Document Macro Security: The Attack Vector That Will Not Die
Microsoft disabled macros by default in 2022. Attackers adapted. The macro threat has evolved, not disappeared.
PyPI Supply Chain Attacks: Q1 2024 Roundup
Q1 2024 brought typosquats, stealer campaigns, and a week-long new-user freeze on PyPI. Here is what the attacks looked like and how to defend.
PDF Supply Chain Attack Vectors: When Documents Become Weapons
PDFs are trusted by default in most organizations. That trust makes them a potent vector for supply chain attacks. Here is how the attacks work.
Massive PyPI Malware Campaign Targets Developers with Credential Stealers
A sustained campaign flooded PyPI with hundreds of malicious packages using typosquatting and dependency confusion to steal credentials and cryptocurrency from developers.
WinRAR Zero-Day CVE-2023-38831: Weaponized Archives in the Wild
A WinRAR vulnerability exploited since April 2023 allowed attackers to execute arbitrary code when users opened seemingly harmless files inside ZIP archives.
The March 2023 PyPI Malware Wave
PyPI paused new user registration for most of May 20-23 after a March wave of typosquats and info-stealers flooded the index. Here is what happened and why.
ESLint Supply Chain Attack: Malicious npm Packages Targeting Developers
Attackers published malicious packages impersonating ESLint on npm, exploiting developer trust in the popular linting tool to steal credentials.