Stacklok logo
Solutions
Source code repository security Open source dependency security
Company
About Careers Press
Community
Minder
Resources
Blog Documentation
Login
Threat Hunting Insights

The specific malicious packages we identified and how we found them

Featured Articles

Stacklok has contributed Minder to the OpenSSF out of a deep belief in the power of the open source community

Luke Hinds /
5 mins read
 /
Oct 28, 2024
Community
Minder

The open source community is a rich source of innovation and has developed a number of powerful security tools. Minder makes it easier to integrate and utilize these tools for organizations that want a platform for open source security. We're excited that Minder has been adopted into the OpenSSF sandbox.

Flexible policy enforcement with Minder profile selectors

Dan Barr /
4 mins read
 /
Sep 19, 2024
Minder
Tutorials
Flexible policy enforcement with Minder profile selectors

Profile selectors, now available in Minder, enable you to customize how profiles are applied to your software supply chain. With selectors, you can apply the right rules to the right resources to increase compliance flexibility and reduce alert fatigue.

Cross-platform RAT deployed by weaponized 'requests' clone

Luke Hinds / Poppaea McDermott /
5 mins read
 /
Aug 30, 2024
Threat Analysis

On August 29th, Stacklok’s automated threat detection platform alerted us to the presence of malicious code in a newly published PyPI package named "invokehttp." This package raised red flags due to inconsistencies in its metadata and the absence of any verified connection to its claimed GitHub repository. The attacker opted to link the package to a popular Selenium ChromeDriver GitHub repository. This has the same effect of exploiting the repository’s high number of stars, forks, and followers, adding a layer of credibility to invokehttp.

Loading...

Stacklok has contributed Minder to the OpenSSF out of a deep belief in the power of the open source community

Luke Hinds /
Oct 28, 2024
Community
Minder
Continue Reading
This Month in Minder - September 2024

This Month in Minder: September 2024

Stacklok /
Sep 26, 2024
Minder
Community
Continue Reading
Flexible policy enforcement with Minder profile selectors

Flexible policy enforcement with Minder profile selectors

Dan Barr /
Sep 19, 2024
Minder
Tutorials
Continue Reading

Dependency hijacking: Dissecting North Korea’s new wave of DeFi-themed open source attacks targeting developers

Poppaea McDermott /
Sep 10, 2024
Threat Analysis
Continue Reading

Securi-Taco Tuesday livestream recap: How code signing and Sigstore secure the software supply chain

Stacey Potter /
Sep 3, 2024
Community
Supply Chain Security 101
Continue Reading

Cross-platform RAT deployed by weaponized 'requests' clone

Luke Hinds / Poppaea McDermott /
Aug 30, 2024
Threat Analysis
Continue Reading

Now available in Trusty: Vulnerability and license information for open source packages

Megan Bruce /
Aug 27, 2024
Trusty
Open Source Security
Continue Reading

Open source licenses 101: What is the GNU GPL License?

Stacklok Editorial Team /
Aug 26, 2024
Supply Chain Security 101
Continue Reading

Open source licenses 101: What is an MIT License?

Stacklok Editorial Team /
Aug 23, 2024
Supply Chain Security 101
Continue Reading
Newsletter

Stay in the loop

Subscribe to our newsletter for the latest news about our products and about open source supply chain security.

Stacklok logo
© 2024 Stacklok
Privacy Policy Terms of Service
Main Menu
Home About Careers Contact
Products
Trusty Minder
Resources
All Resources Blog Videos Trusty Docs Minder Docs
Contact Us
hello@stacklok.com