Tag: Packages
-
PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers
The maintainers of the Python Package Index (PyPI) repository briefly suspended new user sign-ups following an influx of malicious projects …
-
PyPI Suspends New Projects and Users Due to Malicious Packages
PyPI hit by malware attack! Malicious packages targeting crypto wallets & browser …
-
Over 800 npm Packages Found with Discrepancies, 18 Exploitable to ‘Manifest Confusion’
New research has discovered over 800 packages in the npm registry which have discrepancies from their registry entries, out of which 18 …
-
Beware Of New Malicious PyPI Packages That Steal Wallet Passwords
Threat actors use malicious PyPI packages to infiltrate systems and execute various attacks like data exfiltration, ransomware deployment, …
-
Watch Out: These PyPI Python Packages Can Drain Your Crypto Wallets
Threat hunters have discovered a set of seven packages on the Python Package Index (PyPI) repository that are designed to steal BIP39 …
-
Beware of Typos that May lead to malicious PyPI Package Installation
The notorious Lazarus group, known for its cyber espionage and sabotage activities, has been implicated in the release of malicious …
-
North Korean Hackers Targeting Developers with Malicious npm Packages
A set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean state-sponsored actors, new …
-
Dormant PyPI Package Compromised to Spread Nova Sentinel Malware
A dormant package available on the Python Package Index (PyPI) repository was updated after nearly two years to propagate an information …
-
New Malicious PyPI Packages Use DLL Sideloading In A Supply Chain Attack
Researchers have discovered that threat actors have been using open-source platforms and code for several purposes, such as hosting C2 …
-
OpenSSF and CISA partner on Principles for Package Repository Security
According to the OpenSSF, package repositories are a critical point in the open source ecosystem for either allowing or preventing attacks. …
-
Hackers Deploy Malicious npm Packages on GitHub to Steal SSH Keys
Two malicious npm packages were discovered on the npm open source package manager, which leverage GitHub to store stolen Base64-encrypted …
-
Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub
Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encrypted SSH keys stolen …