pypi vulnerability

Image with text "Pytorch Lightning Compromised" with icon of a skull next to it

Malicious PyTorch Lightning Packages Found on PyPI

| | Malware, Malware Analysis, open-source malware, PyPI, pypi vulnerability, python
TL;DR Two malicious versions of the popular PyTorch Lightning package have been uploaded to PyPI following the publisher account’s compromise. Lightning versions 2.6.2 and 2.6.3 (tracked as sonatype-2026-002817) were published on April ...
2024 Sonatype Blog
Closeup of person going “Shhh!”

PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found

| | code reuse, open source software supply chain security, PyPI, PyPI malicious packages, pypi vuln, pypi vulnerability, python, Python Malware, Python Packages, Python vulnerability, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, Software supply chain management, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, Software Supply Chain Security Weaknesses, typosquat, Typosquatting, typosquatting attacks
Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup ...
Security Boulevard
PyPI Attackers Still At It: Malicious Packages Drop Trojans and Info-stealers

PyPI Attackers Still At It: Malicious Packages Drop Trojans and Info-stealers

| | FEATURED, open source, PyPI, pypi vulnerability, vulnerability
This month, Sonatype’s automated malicious open source and malware detection systems flagged hundreds of malicious packages, 10 of which we have analyzed in this blog post ...
Sonatype Blog

PyPI package ‘ctx’ and PHP library ‘phpass’ compromised to steal environment variables

| | DevZone, FEATURED, firewall, malware prevention, pypi vulnerability, Vulnerabilities
This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the ...
Sonatype Blog

New ‘pymafka’ malicious package drops Cobalt Strike on macOS, Windows, Linux

| | DevZone, malware prevention, Nexus Firewall, PyPI, pypi vulnerability, Vulnerabilities
This week, Sonatype's automated malware detection bots have discovered malicious Python package 'pymafka' in the PyPI registry ...
Sonatype Blog

Nexus Intelligence Insights CVE-2019-15753: OpenStack (os-vif), Denial of Service & Information Exposure

| | cve-2019-15753, FEATURED, information exposure, Nexus Intelligence Insights, pypi vuln, pypi vulnerability, Vulnerabilities
Our news feeds are filled with reports of malicious attacks on open source code at the project source, most of which are bad actors leveraging code bases for their own gain. While ...
Sonatype Blog