Ossprey Security
ossprey.bsky.social
Detect malware in your open source software supply chain

www.ossprey.com
Reposted by Ossprey Security
📢 We're exhibiting at the International Cyber Expo to showcase our programmes, projects and insights to help organisations innovate and collaborate in today’s evolving security landscape!

Enquire to access the engaged #ICE2025 audience with your solutions: hubs.la/Q03vC9yy0
September 5, 2025 at 12:02 PM
New Blog: Nx Package Compromise

Malware hidden in recent Nx releases created a repo called s1ngularity-repository in developers’ GitHub accounts exposing SSH keys, API tokens, and even wallet files.

Read the breakdown + what to do next: ossprey.com/blog/nx-pack...

#SupplyChainSecurity #npm #OSS
August 28, 2025 at 9:17 AM
New from Ossprey: PyPI is cracking down on domain resurrection attacks by invalidating expired maintainer domains.

1,800 accounts un-verified in just 2 months.
Time to check if your dependencies rely on revoked maintainers.

Full blog: ossprey.com/blog/pypi-domain-vigilance

#opensourcesecurity
OSSPREY
Published on August 24, 2025
ossprey.com
August 26, 2025 at 9:00 AM
Reposted by Ossprey Security
🔐 New Case Study: How is Google securing the future of machine learning?

By partnering with #sigstore and the Open Source Security Foundation (OpenSSF), they’ve implemented model signing that makes AI systems more trustworthy by default.

openssf.org/blog/2025/07...
July 28, 2025 at 7:13 PM
Reposted by Ossprey Security
Wild times! 🚨 Cybercrime meets geopolitics—$1M stolen by North Korean hackers. This underscores the urgent need for robust security in crypto. Time to bolster defenses! 🔒💰 #CryptoSecurity #Innovation
DOJ charges 4 North Koreans in $1M crypto theft from blockchain startup

Four North Koreans posed as remote developers for US and Serbian blockchain firms, stealing almost $1 million in crypto to fund the regime’s illicit programs.

#crypto #news
cointelegraph.com
July 4, 2025 at 7:54 AM
Reposted by Ossprey Security
Talks from the Purdue CERIAS 2025 Cybersecurity Symposium, which took place at the start of April, are available on YouTube.

www.youtube.com/playlist?lis...
July 2, 2025 at 9:41 PM
"Software supply chain attacks via malicious dependencies continue to be one of the most significant security threats to modern software development"

Kudos to our friends over at @gitlab.com for the solid detection and writeup!

about.gitlab.com/blog/gitlab-...
GitLab catches MongoDB Go module supply chain attack
Learn how GitLab detected a supply chain attack targeting Go developers through fake MongoDB drivers that deploy persistent backdoor malware.
about.gitlab.com
July 1, 2025 at 1:00 AM
Reposted by Ossprey Security
Threat Actors Attacking Cryptocurrency and Blockchain Developers with Weaponized npm and PyPI Packages

https://www.byteseu.com/1103527/

The cryptocurrency and blockchain development ecosystem is facing an unprecedented surge in sophisticated malware campaigns targeting the open source supply …
June 14, 2025 at 7:52 AM
Reposted by Ossprey Security
Hackers Unleash Python-NPM Malware Mashup: A Comedy of Errors in Cybersecurity

Checkmarx Zero uncovers a sneaky cross-ecosystem malware targeting Python and NPM users with typosquatting. Don't fall for malicious software tricks!
thenimblenerd.com?p=1047019
New research from Checkmarx Zero highlights a malicious software campaign targeting Python and NPM users on Windows and Linux. The campaign uses typosquatting techniques, mimicking legitimate software names to trick users into downloading harmful packages. This cross-ecosystem attack is a rare tactic, aiming to steal sensitive data and maintain long-term system access.
thenimblenerd.com
June 2, 2025 at 10:14 AM
Reposted by Ossprey Security
A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three years.
Malicious PyPi package hides RAT malware, targets Discord devs since 2022
www.bleepingcomputer.com
May 8, 2025 at 6:51 PM
🚨 Supply Chain Security in Focus
See our latest blog post for a technical deep dive into what happened and what it means for engineers and defenders.

👉 ossprey.com/blog/tj-acti...

Let us know your thoughts or what your team is doing to reduce this kind of risk.

#ossprey #BirdsOfCyber
OSSPREY
Published on April 11, 2025
ossprey.com
April 22, 2025 at 7:08 AM
In the era of AI assistants and vibe coding, a new threat emerges from the shadows. It has lurked, hidden and patient, waiting for the right moment.

Zombie Dependencies: they’re not after brains… they’re after your code. 🧟 💻

Read the full post here
👉 ossprey.com/blog/zombie-...
OSSPREY
Published on April 15, 2025
ossprey.com
April 17, 2025 at 7:22 AM
Bandwagons are for hopping on, right? Especially if they're easy and fun!

So, everyone, meet Ozzy the Ossprey! He's a lean, mean malware-fighting machine that's here to stomp out open source malware!

Get this limited edition Ozzy the Ossprey in a package manager near you!

#BirdsOfCyber #Ossprey
April 14, 2025 at 7:19 AM
🦅 Last month, OSSPREY graduated from both Cyber Runway!

What started as an idea in a bootcamp is now a full-flight cybersecurity startup with a beta product that hunts for malware in open source.

Over 60 sessions. 6 cities. Countless insights.

🔥 Top takeaways - Build fast, Validate faster.

🧵
April 11, 2025 at 11:30 AM