Safeguard
Tag

typosquatting

Safeguard articles tagged "typosquatting" — guides, analysis, and best practices for software supply chain and application security.

62 articles

Supply Chain Attacks

Software supply chain attack trends: what the public incident data shows

Sonatype tracked 454,648 new malicious packages in 2025 alone — over 1.2 million total since it started counting. Here's what three years of incident data reveal.

Jul 8, 20267 min read
Supply Chain Attacks

Anatomy of an npm Dependency Confusion Attack

One researcher published fake packages matching internal names at over 35 companies in 2021 and collected six-figure bounties — here's exactly how the registry resolution flaw works.

Jul 7, 20266 min read
FAQ

Supply Chain Attacks FAQ: 2026 Threats Explained

Answers to the most common questions about software supply chain attacks in 2026 — how they work, famous examples, the main techniques, and how to defend against them.

Jul 5, 20266 min read
Software Supply Chain Security

GitHub repo confusion and malware repositories

Fake GitHub repos with forged stars and AI-written READMEs are stealing crypto and credentials. Here's how repo confusion attacks actually work.

Jul 1, 20267 min read
AI Security

Slopsquatting: When AI Hallucinates Package Names

LLMs invent plausible package names; attackers register them and wait. How slopsquatting works, why hallucinations repeat predictably, and the gates that stop it.

Jun 14, 20266 min read
Threat Intelligence

What Is Open Source Malware

Open source malware is code deliberately planted in packages to attack the systems that install it. Learn how it spreads, real incidents, and how it differs from CVEs.

Jun 3, 20267 min read
Supply Chain Attacks

VS Code marketplace incident postmortem: what 2023-2024 actually taught us

Between 2023 and 2024 the VS Code Marketplace saw a string of typosquat, hijack, and impersonation incidents that shaped Microsoft's eventual hardening response. This is a composite postmortem of what happened, what changed, and what is still broken in 2026.

May 13, 20268 min read
AI Security

The Fake OpenAI 'privacy-filter' Model: How a Typosquat Hit #1 on Hugging Face in May 2026

A repository named Open-OSS/privacy-filter impersonated OpenAI's release, copied its model card verbatim, and shipped a loader.py that pulled an infostealer. It reached #1 trending with ~244,000 downloads before removal.

May 12, 202610 min read
Threat Intelligence

Malicious PyPI packages: common infiltration patterns

Real malicious PyPI package examples — typosquats, dependency confusion, hijacked maintainers, and crypto stealers — and how Safeguard catches them before install.

May 10, 20268 min read
Threat Intelligence

Malicious NuGet package campaigns targeting developers

Socket.dev has tracked malicious NuGet packages stealing wallets, banking credentials, and sabotaging industrial systems. See how Safeguard catches them first.

May 10, 20268 min read
Threat Intelligence

Typosquatting across package registries (npm, Go, PyPI)

Typosquatting has infected npm, PyPI, and now Go modules. We break down real attacks like crossenv and colourama, how Socket.dev detects them, and where the gaps remain.

May 9, 20267 min read
Software Supply Chain Security

What is Dependency Confusion

Dependency confusion lets attackers hijack builds by publishing malicious packages under private package names to public registries. Here's how it works.

Apr 4, 20266 min read
typosquatting (Page 2) — Safeguard Blog