Safeguard
Tag

malware

Safeguard articles tagged "malware" — guides, analysis, and best practices for software supply chain and application security.

32 articles

Open Source Security

PyPI Malware Campaigns Surge in Q4 2022: A Roundup of the Worst Offenders

Python's package registry saw an explosion of malicious packages in late 2022, from credential stealers to reverse shells. Here's what we found.

Dec 5, 20226 min read
Application Security

Browser Extension Attacks and the Supply Chain

Browser extensions run with elevated privileges and update automatically. When attackers compromise or acquire popular extensions, they gain access to millions of users instantly.

Nov 5, 20226 min read
Mobile Security

Mobile App Store Security Bypass: How Malicious Apps Evade Review

App store review processes catch most malware. But the bypass techniques that work reveal systematic gaps in mobile supply chain security.

Jun 12, 20225 min read
Web Security

File Upload Vulnerability Prevention: A Practical Guide

File upload functionality is one of the most dangerous features in web applications. This guide covers the attack vectors, bypass techniques, and layered defenses needed to handle file uploads securely.

May 5, 20227 min read
Supply Chain Attacks

npm Supply Chain Attacks: 2022 Q1 Report

The first quarter of 2022 saw a surge in npm malware — from protestware to dependency confusion to credential-stealing packages. Here's a roundup of the most significant incidents and emerging trends.

Apr 20, 20225 min read
Open Source Security

Python PyPI Malware Campaigns in 2021

Malicious packages on PyPI surged in 2021, targeting developers with credential stealers, backdoors, and data exfiltration. Here's what the campaigns look like and how to defend against them.

Oct 15, 20215 min read
Supply Chain Attacks

Typosquatting Attacks on npm and PyPI Explained

Attackers exploit human typos to distribute malware through package registries. Here's how typosquatting works, real examples, and how to protect your builds.

Aug 10, 20215 min read
Open Source Security

npm Package ua-parser-js Compromised: 8 Million Weekly Downloads Weaponized

Attackers hijacked the ua-parser-js npm package account and published malicious versions containing cryptominers and password stealers. The package gets 8 million downloads per week.

Jul 15, 20215 min read
malware (Page 3) — Safeguard Blog