
OSSPREY

@ossprey.bsky.social

Detect malware in your open source software supply chain

22 Followers  |  86 Following  |  6 Posts  |  Joined: 25.11.2024  |  1.5394

Latest posts by ossprey.bsky.social on Bluesky

New Case Study: How is Google securing the future of machine learning?

By partnering with #sigstore and the Open Source Security Foundation (OpenSSF), they’ve implemented model signing that makes AI systems more trustworthy by default.

openssf.org/blog/2025/07...

28.07.2025 19:13 — 👍 5    🔁 3    💬 0    📌 1

Wild times! 🚨 Cybercrime meets geopolitics—$1M stolen by North Korean hackers. This underscores the urgent need for robust security in crypto. Time to bolster defenses! 🔒💰 #CryptoSecurity #Innovation

04.07.2025 07:54 — 👍 1    🔁 1    💬 0    📌 0

Talks from the Purdue CERIAS 2025 Cybersecurity Symposium, which took place at the start of April, are available on YouTube

www.youtube.com/playlist?lis...

02.07.2025 21:41 — 👍 3    🔁 3    💬 0    📌 0
GitLab catches MongoDB Go module supply chain attack
Learn how GitLab detected a supply chain attack targeting Go developers through fake MongoDB drivers that deploy persistent backdoor malware.

"Software supply chain attacks via malicious dependencies continue to be one of the most significant security threats to modern software development"

Kudos to our friends over at @gitlab.com for the solid detection and writeup!

about.gitlab.com/blog/gitlab-...

01.07.2025 01:00 — 👍 0    🔁 0    💬 0    📌 0
New Supply Chain Malware Attack Targets npm and PyPI Ecosystems
A new supply chain malware attack is targeting the npm and PyPI ecosystems, putting millions of users at risk. This attack aims to compromise software packages distributed through these platforms, potentially affecting millions of users who rely on these ecosystems for their development projects. The technical details of the attack are not specified, but the impact is significant due to the widespread use of npm and PyPI in the developer community.

📌 New supply chain malware attack targets npm and PyPI ecosystems, impacting millions of users. #CyberSecurity #Malware https://tinyurl.com/28jfcmu5

10.06.2025 17:42 — 👍 1    🔁 1    💬 0    📌 0
Threat Actors Attacking Cryptocurrency and Blockchain Developers with Weaponized npm and PyPI Packages - Bytes Europe
The cryptocurrency and blockchain development ecosystem is facing an unprecedented surge in sophisticated malware campaigns targeting the open source supply

Threat Actors Attacking Cryptocurrency and Blockchain Developers with Weaponized npm and PyPI Packages

https://www.byteseu.com/1103527/

The cryptocurrency and blockchain development ecosystem is facing an unprecedented surge in sophisticated malware campaigns targeting the open source supply …

14.06.2025 07:52 — 👍 1    🔁 1    💬 0    📌 0
Hackers Unleash Python-NPM Malware Mashup: A Comedy of Errors in Cybersecurity
New research from Checkmarx Zero highlights a malicious software campaign targeting Python and NPM users on Windows and Linux. The campaign uses typosquatting techniques, mimicking legitimate software names to trick users into downloading harmful packages. This cross-ecosystem attack is a rare tactic, aiming to steal sensitive data and maintain long-term system access.

Hackers Unleash Python-NPM Malware Mashup: A Comedy of Errors in Cybersecurity

Checkmarx Zero uncovers a sneaky cross-ecosystem malware targeting Python and NPM users with typosquatting. Don't fall for malicious software tricks!
thenimblenerd.com?p=1047019

02.06.2025 10:14 — 👍 1    🔁 1    💬 0    📌 0
Malicious PyPi package hides RAT malware, targets Discord devs since 2022

A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three years.

08.05.2025 14:51 — 👍 7    🔁 3    💬 0    📌 1
OSSPREY Published on April 11, 2025

🚨 Supply Chain Security in Focus
See our latest blog post for a technical deep dive into what happened and what it means for engineers and defenders.

👉 ossprey.com/blog/tj-acti...

Let us know your thoughts or what your team is doing to reduce this kind of risk.

#ossprey #BirdsOfCyber

22.04.2025 07:08 — 👍 1    🔁 0    💬 0    📌 0
OSSPREY Published on April 15, 2025

In the era of AI assistants and vibe coding, a new threat emerges from the shadows. It has lurked, hidden and patient, waiting for the right moment.

Zombie Dependencies: they’re not after brains… they’re after your code. :🧟 💻

Read the full post here
👉 ossprey.com/blog/zombie-...

17.04.2025 07:22 — 👍 1    🔁 0    💬 0    📌 0

Bandwagons are for hopping on, right? Especially if they're easy and fun!

So, everyone, meet Ozzy the Ossprey! He's a lean, mean malware-fighting machine that's here to stomp out open source malware!

Get this limited edition Ozzy the Ossprey in a package manager near you!

#BirdsOfCyber #Ossprey

14.04.2025 07:19 — 👍 2    🔁 1    💬 1    📌 0
Blog | OSSPREY

👉 Read our blog here: ossprey.com/blog/ 👈

Massive thanks to Plexal, Department of Science, Technology and Innovation, our mentors, and the incredible UK cyber community for backing bold ideas.

11.04.2025 11:32 — 👍 2    🔁 1    💬 0    📌 0

🦅 Last month, OSSPREY graduated from both Cyber Runway!

What started as an idea in a bootcamp is now a full-flight cybersecurity startup with a beta product that hunts for malware in open source.

Over 60 sessions. 6 cities. Countless insights.

🔥 Top takeaways - Build fast, Validate faster.

🧵

11.04.2025 11:30 — 👍 1    🔁 1    💬 1    📌 0

@ossprey is following 20 prominent accounts