Sample Reports for Software Supply Chain Security


IconBurst - Escalation of Attacker Tactics

IconBurst is the first typosquatting attack to trigger its payload only after the host software release package has been deployed to unsuspecting users. Analysis report. Read our blog: IconBurst NPM software supply chain attack grabs data from apps and websites

CodeCov’s Supply Chain Compromise

Attackers who compromise a software delivery platform can modify releases to attack production or customer environments. This is what happened to CodeCov. Analysis report. Read our blog on the CodeCov compromise

How Automated Updating Can Serve Up Malware

When the maintainer accounts of popular open source packages are compromised, altered versions can serve malware to automated CI/CD systems during the exposure window. Analysis report

Malware Targeting Developer’s Credentials

Typosquatting attacks prey on developers mistyping open source package names. The malicious payload usually steals credentials in order to pivot through developer toolchains. Analysis report #1. Read our blog: Groundhog day: NPM package caught stealing browser passwords

Malicious Data Mining for Money

This malicious package auto-executes and achieves persistence when installed. It finds and replaces digital wallet URLs so that funds are transferred to the attacker. Analysis report. Read our blog: Mining for malicious RubyGems

Malicious Open Source Planting

This malicious package installs itself as a library that runs whenever an interactive non-login shell is created, making it difficult for code reviews to detect. Analysis report. Read our blog: Beware of imposter libraries on PyPI

Sensitive information data leaks

Secrets used during development that are accidentally built into releases or containers are easy for attackers to find and use to compromise software pipelines. Analysis report. Read our blog: PyPI packages containing sensitive information

Tampering with digitally signed content

This example shows a tampered-signature issue discovered in a Microsoft package. Automated version differencing validated the remediation and passed the next build for release. Analysis report. Read our blog: Trouble with software integrity validation

Log4j - Critical remote code execution vulnerability

When new critical vulnerabilities are reported, SBOM depth and accuracy, together with search via the portal and CLI, can minimize the effort needed to understand your exposure. Analysis report. Read our blog: Log4j is why you need an SBOM

Vulnerabilities in statically linked code

Statically linked libraries can be invisible without binary analysis. This example package has critical vulnerabilities in statically linked open source libraries. Analysis report. Read our blog: Third-party code comes with some baggage

3CX - Malicious code added during build process

Attackers compromised the build by injecting encrypted shellcode into trusted, signed binary artifacts without breaking the existing signature.
Read our blog: Red flags fly over 3CX. Webinar: Deconstructing 3CX Software Package