pypi vulnerability
PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found
Richi Jennings
Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup ...
Security Boulevard
PyPI Attackers Still At It: Malicious Packages Drop Trojans and Info-stealers
This month, Sonatype’s automated malicious open source and malware detection systems flagged hundreds of malicious packages, 10 of which we have analyzed in this blog post ...
PyPI package ‘ctx’ and PHP library ‘phpass’ compromised to steal environment variables
This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the ...
New ‘pymafka’ malicious package drops Cobalt Strike on macOS, Windows, Linux
Ax Sharma
This week, Sonatype's automated malware detection bots have discovered malicious Python package 'pymafka' in the PyPI registry ...
Nexus Intelligence Insights CVE-2019-15753: OpenStack (os-vif), Denial of Service & Information Exposure
Elisa Velarde
Our news feeds are filled with reports of malicious attacks on open source code at the project source, most of which are bad actors leveraging code bases for their own gain. While ...