A keen-eyed researcher at SANS recently wrote about a new and rather specific sort of supply chain attack against open-source software modules in Python and PHP. Following online discussions about a suspicious public Python module, Yee Ching Tok noted that a package called in the popular PyPI repository had suddenly received an “update”, despite not otherwise having been touched since late 2014.
Read full article on Naked Security