malware
Safeguard articles tagged "malware" — guides, analysis, and best practices for software supply chain and application security.
32 articles
PyPI Malware Campaigns Surge in Q4 2022: A Roundup of the Worst Offenders
Python's package registry saw an explosion of malicious packages in late 2022, from credential stealers to reverse shells. Here's what we found.
Browser Extension Attacks and the Supply Chain
Browser extensions run with elevated privileges and update automatically. When attackers compromise or acquire popular extensions, they gain access to millions of users instantly.
Mobile App Store Security Bypass: How Malicious Apps Evade Review
App store review processes catch most malware. But the bypass techniques that work reveal systematic gaps in mobile supply chain security.
File Upload Vulnerability Prevention: A Practical Guide
File upload functionality is one of the most dangerous features in web applications. This guide covers the attack vectors, bypass techniques, and layered defenses needed to handle file uploads securely.
npm Supply Chain Attacks: 2022 Q1 Report
The first quarter of 2022 saw a surge in npm malware — from protestware to dependency confusion to credential-stealing packages. Here's a roundup of the most significant incidents and emerging trends.
Python PyPI Malware Campaigns in 2021
Malicious packages on PyPI surged in 2021, targeting developers with credential stealers, backdoors, and data exfiltration. Here's what the campaigns look like and how to defend against them.
Typosquatting Attacks on npm and PyPI Explained
Attackers exploit human typos to distribute malware through package registries. Here's how typosquatting works, real examples, and how to protect your builds.
npm Package ua-parser-js Compromised: 8 Million Weekly Downloads Weaponized
Attackers hijacked the ua-parser-js npm package account and published malicious versions containing cryptominers and password stealers. The package gets 8 million downloads per week.