A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and other resources. The taxonomy as well as related safeguards can be explored using an interactive visualization tool.
Adding the reference to the latest discovery from Phylum about a malicious package in npm named img-aws-s3-object-multipart-copy, mimicking the legitimate package aws-s3-object-multipart-copy to deliver malicious content obfuscated through steganography