Safety Cybersecurity Research

In addition to our industry leading Vulnerability Database, our security researchers and engineers share in-depth technical analysis on emerging threats, vulnerability patterns, and evolving attack vectors targeting the software supply chain. Our library contains detailed technical research, practical security guidance, and insights from our work analyzing millions of packages and code changes. Whether you're a security professional, developer, or technical leader, you'll find substantive analysis you can apply to your security practices.
This content is also featured in our Blog, which contains additional content that's not focused on cybersecurity research.

Solana-Drainer Malware Steals Jupyter Notebooks and Source Code

Threat actors are using Python libraries targeting the Solana cryptocurrency ecosystem

Paul McCarty

June 9, 2025

•

8 mins

Yeshen-Asia Threat Campaign

A sprawling threat campaign over six months spanning dozens of npm packages.

Paul McCarty

July 21, 2025

•

8 mins

Russian hackers manipulate npm to make realistic packages

Safety’s malicious package detection identified a malicious npm package today named express-exp. This package was brand new, and had only one version, 1.0.1.

Paul McCarty

June 9, 2025

•

10 mins

Payment processor publishes official NPM package that leaks credit card data via ngrok

A new npm package published by Cashfree leaks credit card data to an ngrok endpoint.

Paul McCarty

June 9, 2025

•

11 mins

Libwebp: Special Vulnerability Advisory (CVE-2023-4863)

In-depth analysis of a recently discovered vulnerability in the libwebp library.

Robin Birne

March 20, 2025

•

cURL Vulnerability CVE-2023-38545 for Python Systems

A high-severity vulnerability in cURL and its associated library libcurl was disclosed on 11 October, 2023.

Robin Birney

March 20, 2025

•

3 mins

Lessons from the Recent PyTorch Supply Chain Attack

A recent attack by ethical hackers on PyTorch, a popular Machine Learning library, is a stark reminder of the importance of securing software supply chains.

Robin Birney

May 21, 2025

•

3 mins

NVD Update Delays and the Impact on the Developer Community: Safety Cybersecurity's Proactive Response

NVD Update Delays and the Impact on the Developer Community: Safety Cybersecurity's Proactive Response

Robin Birney

March 21, 2025

•

5 mins

Typosquatting Cyberattack on PyPI Suspends New User and Project Creation

Robin Birney

March 20, 2025

•

4 mins

Navigating the NVD Backlog with Safety's Leading Vulnerability Data

The National Vulnerability Database backlog has left many in the cybersecurity community concerned about reliability and timeliness of vulnerability data.

Robin Birney

March 21, 2025

•

4 mins

Critical Supply Chain Attack Targets Ultralytics AI Library

A software supply chain attack recently compromised multiple versions of Ultralytics YOLO, one of the most widely used Python AI libraries for computer vision tasks.

Robin Birney

March 21, 2025

•

4 mins

CryptoAITools Supply Chain Attack: What It Means for Package Security

A recently-discovered malicious package has raised alarms across the cryptocurrency development community.

Robin Birney

February 25, 2025

•

4 mins

Safety CLI Team Uncovers Unpublished Vulnerability in TensorFlow: CVE-2023-33976

Safety's Cybersecurity Intelligence team discovered an unpublished vulnerability (CVE-2023-33976) in the TensorFlow Python package.

Robin Birney

February 25, 2025

•

3 mins

Understanding the Security Vulnerability in the llama-cpp-python Package

A critical security vulnerability was discovered in the llama-cpp-python package, which could have significant implications for systems using this library.

Robin Birney

February 25, 2025

•

4 mins

Understanding Open Source Licenses: Mitigating Risks and Ensuring Compliance with Safety CLI

Learn how to navigate the complexities of open-source licenses to mitigate legal and operational risks.

Robin Birney

February 25, 2025

•

3 mins

Secure your supply chain in 60 seconds.
‍No sales calls, no complex setup.
Just instant protection.

Get Started for Free

View Documentation

CTA Graph

Supply Chain Security Research Updates

Stay informed on emerging threats, novel attack vectors, and vulnerability research from Safety's cybersecurity team. Technical analysis, not product updates.

By subscribing you agree to our Privacy Policy

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Products

Safety Firewall Safety CLI Safety MCP Safety Platform Vulnerability Database

Resources

Research & Blog Documentation Integrations Pricing & Plans GitHub

Company

About Careers Trust Center

Legal

Terms of Service Data Processing Privacy Policy Manage Cookies

© 2025 Safety CLI Cybersecurity Inc. All rights reserved.

Privacy Policy Terms of Service