Boffins rate npm and PyPI package security and it’s not good
The Open Source Security Foundation (OpenSSF), as its name plainly states, aims to help make open source software more secure, but …
10 packages have been removed from the Python Package Index (PyPI) because they were found harvesting data. Check Point researchers have …
Researchers have discovered yet another set of malicious packages in PyPI, the official and most popular repository for Python programs …
Security researchers from Check Point have spotted 10 malicious packages on Python Package Index (PyPI), the primary Python package index …
In what’s yet another instance of malicious packages creeping into public code repositories, 10 modules have been removed from the Python …
The discovery adds to the growing list of recent incidents where threat actors have used public code repositories to distribute malware in …
The malware packages had names that were common typosquats of a legitimate widely used Python library. One was downloaded hundreds of …
Miscreants making use of typosquatting are being spotted by researchers at Sonatype, emphasizing the need to check that the package is …
Last week on Malwarebytes Labs: Elden Ring maker Bandai Namco hit by ransomware and data leaks; Predatory Sparrow massively disrupts steel …
Python’s most popular package manager is intent on securing the supply chain by requiring developers to enable two-factor …
4,000 Google Titan security keys should help to protect critical Python projects from software supply chain …
The maintainers of the official third-party software repository for Python have begun imposing a new two-factor authentication (2FA) …
The Python module “ctx” and a fork of the PHP library “phpass” have recently been modified by an unknown attacker to grab AWS …
Two trojanized Python and PHP packages have been uncovered in what’s yet another instance of a software supply chain attack targeting the …