Tag: PyPI
-
Python’s PyPI Reveals Its Secrets
GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, …
-
PyPI halts new projects, users for 10 hours due to infostealer influx
A malware upload campaign prompted the Python Package Index, aka PyPI, to temporarily suspend new user registrations and new project …
-
PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers
The maintainers of the Python Package Index (PyPI) repository briefly suspended new user sign-ups following an influx of malicious projects …
-
PyPI halted new users and projects while it fended off supply-chain attack
PyPI, a vital repository for open source developers, temporarily halted new project creation and new user registration following an …
-
Nova Sentinel infostealer deployed via inactive PyPI package
Malicious updates have been recently issued to the Python Package Index package “django-log-tracker,” which was last modified in April …
-
Dormant PyPI Package Compromised to Spread Nova Sentinel Malware
A dormant package available on the Python Package Index (PyPI) repository was updated after nearly two years to propagate an information …
-
DLL sideloading leveraged by malicious PyPI packages
Malicious Python Package Index packages NP6HelperHttptest and NP6HelperHttper, which had more than 700 cumulative downloads before being …
-
New Typosquatting and Repojacking Tactics Uncovered on PyPI
Security researchers have identified a concerning uptick in malicious activities infiltrating open-source platforms and code repositories. …
-
Cryptominer-spreading PyPI packages target Linux systems
Threat actors have sought to compromise Linux systems with the CoinMiner cryptocurrency mining malware through three novel malicious Python …
-
3 New Malicious PyPI Packages Found Installing CoinMiner on Linux Devices
Researchers identified three malicious PyPI (Python Package Index) packages that deploy a CoinMiner executable on Linux devices, affecting …
-
Malicious PyPI, NPM packages facilitate data exfiltration
Forty-five malicious NPM and PyPI packages have been deployed by threat actors to facilitate extensive data theft operations as part of a …
-
Nascent Malware Attacking npm, PyPI, and RubyGems Developers
Phylum analyzes source code and metadata for all registry-pushed packages. This year, in millions of packages they are aiming to examine …