Threat Hunting Insights

The specific malicious packages we identified and how we found them

Featured Articles

Flexible policy enforcement with Minder profile selectors

Dan Barr / 4 mins read / Sep 19, 2024

Profile selectors, now available in Minder, enable you to customize how profiles are applied to your software supply chain. With selectors, you can apply the right rules to the right resources to increase compliance flexibility and reduce alert fatigue.


Cross-platform RAT deployed by weaponized 'requests' clone

Luke Hinds / Poppaea McDermott / 5 mins read / Aug 30, 2024

On August 29th, Stacklok’s automated threat detection platform alerted us to malicious code in a newly published PyPI package named "invokehttp." The package raised red flags because of inconsistencies in its metadata and the absence of any verified connection to the GitHub repository it claimed as its source. The attacker linked the package to a popular Selenium ChromeDriver GitHub repository, borrowing that repository’s high counts of stars, forks and followers to lend invokehttp a layer of credibility.
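As an added example (not Stacklok's detection code and not part of the original post), here is the offline part of that metadata check: given PyPI-style package metadata, flag any declared GitHub repository whose name has nothing in common with the package name. The sample metadata dicts and the `example-org/chromedriver-example` repository are constructed for illustration; the actual repository linked in the invokehttp case is not reproduced here.

```python
"""Offline heuristic for the red flag described above: a PyPI package whose
declared GitHub repository does not actually name the package.

Hypothetical example code, not Stacklok's detection platform. The metadata
dicts below are constructed samples in the shape of PyPI's JSON API "info"
object; "example-org/chromedriver-example" is an invented repository.
"""
import re
from urllib.parse import urlparse

GITHUB_HOSTS = {"github.com", "www.github.com"}


def github_repo_from_url(url):
    """Return (owner, repo) for a GitHub repository URL, else None."""
    try:
        parsed = urlparse(url)
    except ValueError:
        return None
    if parsed.netloc.lower() not in GITHUB_HOSTS:
        return None
    parts = [p for p in parsed.path.split("/") if p]
    if len(parts) < 2:
        return None
    owner, repo = parts[0].lower(), parts[1].lower()
    if repo.endswith(".git"):
        repo = repo[:-4]
    return owner, repo


def name_tokens(name):
    """Split a package or repository name into comparable lowercase tokens."""
    return {t for t in re.split(r"[-_.\s]+", name.lower()) if t}


def names_agree(package_name, repo_name):
    """True if the repository name plausibly belongs to the package.

    Accepts a shared token (python-dateutil vs dateutil) or one flattened
    name containing the other (PyYAML vs pyyaml). Deliberately loose: the
    goal is to catch links to unrelated projects, not to prove ownership.
    """
    if name_tokens(package_name) & name_tokens(repo_name):
        return True
    flat_pkg = re.sub(r"[^a-z0-9]", "", package_name.lower())
    flat_repo = re.sub(r"[^a-z0-9]", "", repo_name.lower())
    if not flat_pkg or not flat_repo:
        return False
    return flat_pkg in flat_repo or flat_repo in flat_pkg


def check_repo_consistency(info):
    """Return a list of findings (empty means no inconsistency found).

    `info` mirrors the "info" object of https://pypi.org/pypi/<name>/json:
    it carries "name", optionally "home_page", and a "project_urls" mapping.
    """
    findings = []
    links = []
    if info.get("home_page"):
        links.append(("home_page", info["home_page"]))
    for label, url in (info.get("project_urls") or {}).items():
        links.append((label, url))

    github_links = 0
    for label, url in links:
        repo = github_repo_from_url(url)
        if repo is None:
            continue  # non-GitHub URLs (docs, PyPI) carry no repo claim
        github_links += 1
        owner, repo_name = repo
        if not names_agree(info["name"], repo_name):
            findings.append(
                f"{label} points at github.com/{owner}/{repo_name}, "
                f"which does not name the package {info['name']!r}"
            )
    if github_links == 0:
        findings.append("no GitHub repository declared; nothing to verify against")
    return findings


# Constructed sample in the shape of invokehttp's red flag: the repo is a
# hypothetical, unrelated ChromeDriver project, not the real link used.
SUSPECT = {
    "name": "invokehttp",
    "home_page": "https://github.com/example-org/chromedriver-example",
    "project_urls": {"Source": "https://github.com/example-org/chromedriver-example"},
}

# Constructed benign sample: the declared source repo names the package.
BENIGN = {
    "name": "requests",
    "home_page": "https://requests.readthedocs.io",
    "project_urls": {"Source": "https://github.com/psf/requests"},
}

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(sample["name"], "->", check_repo_consistency(sample) or ["consistent"])
```

This catches only the cheap signal (a repository name unrelated to the package); a fuller check of the "verified connection" the post refers to would also fetch the linked repository and confirm that it actually declares and publishes that package name, rather than trusting the link in the PyPI metadata.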


5 risk factors of open source software beyond CVEs

Stacklok Editorial Team / 6 mins read / Aug 20, 2024

The presence or absence of known vulnerabilities (CVEs) isn't the only way to judge whether open source software is "safe" to use. In this post, we explore other risk factors you should evaluate when deciding which dependencies to use in your software projects.


This Month in Minder: September 2024

Stacklok / Sep 26, 2024
Flexible policy enforcement with Minder profile selectors

Dan Barr / Sep 19, 2024

Dependency hijacking: Dissecting North Korea’s new wave of DeFi-themed open source attacks targeting developers

Poppaea McDermott / Sep 10, 2024

Securi-Taco Tuesday livestream recap: How code signing and Sigstore secure the software supply chain

Stacey Potter / Sep 3, 2024

Cross-platform RAT deployed by weaponized 'requests' clone

Luke Hinds / Poppaea McDermott / Aug 30, 2024

Now available in Trusty: Vulnerability and license information for open source packages

Megan Bruce / Aug 27, 2024

Open source licenses 101: What is the GNU GPL License?

Stacklok Editorial Team / Aug 26, 2024

Open source licenses 101: What is an MIT License?

Stacklok Editorial Team / Aug 23, 2024

5 risk factors of open source software beyond CVEs

Stacklok Editorial Team / Aug 20, 2024