PyPI
PyPI Malicious Package Uploads Used To Target Developers
Wajahat Raja | Check Point, Checkmarx, countermeasures, Cyber Threats, Cybersecurity, Cybersecurity News, data theft, Developer Security, digital assets, Malicious package uploads, Malware, online security, package management, persistence, Phylum, PyPI, risk mitigation, software supply chain, Typosquatting, Windows operating system
In light of the recent cybercriminal activity, new user sign-ups on the PyPI platform were halted. Currently, an increase in PyPI malicious package uploads is being deemed the reason behind the suspension ...
PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found
Richi Jennings | code reuse, open source software supply chain security, PyPI, PyPI malicious packages, pypi vuln, pypi vulnerability, python, Python Malware, Python Packages, Python vulnerability, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, Software supply chain management, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, Software Supply Chain Security Weaknesses, typosquat, Typosquatting, typosquatting attacks
Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup ...
Security Boulevard
Malicious Packages in npm, PyPI Highlight Supply Chain Threat
Jeffrey Burt | cyberattacks, npm security, PyPI, PyPI malicious packages, software supply chain attack, supply chain
Software developers are being targeted with malicious packages in npm and PyPI as threat groups launch software supply-chain attacks ...
Security Boulevard
3 Malicious PyPI Packages Hide CoinMiner on Linux Devices
Rohan Timalsina | coinminer, Crypto, Crypto miners, Cyber Threats, Cybersecurity, Cybersecurity Weaknesses, Developer Security, Linux & Open Source News, linux systems, open source, PyPI, PyPI malicious packages, Python developers, Python Malware
In a recent cybersecurity revelation, the Python Package Index (PyPI) has fallen victim to the infiltration of three malicious packages: modularseven, driftme, and catme. These packages, although now removed, managed to amass ...
PyPI Malicious Packages with Thousands of Downloads Targeting Python Developers
Rohan Timalsina | Cyber Threats, cybersecurity defense strategies, Cybersecurity Weaknesses, enterprise security, Linux & Open Source News, PyPI, PyPI malicious packages, Python developers, Python Malware, Python Packages, steganography malware
For the past six months, an unidentified threat actor has been slipping malicious packages into the Python Package Index (PyPI), a repository for Python software. The aim? To unleash malware capable of ...
Unveiling BlazeStealer Malware Python Packages on PyPI
Wajahat Raja | BlazeStealer Malware, code obfuscation, Crypto-Themed npm Modules, Cyber Threats, Cybersecurity News, Cybersecurity Threat, data theft, developers, Discord Bot, Geographic Impact, Malicious Modules, open source development, Package Vetting, Phylum, Proactive Cybersecurity, PyPI, Python Packages, security breach, software supply chain security, Vigilance
In a recent revelation, a cluster of malicious Python packages has infiltrated the Python Package Index (PyPI), posing a significant threat to developers’ systems by aiming to pilfer sensitive information. These deceptive ...
Malicious PyPI package ‘VMConnect’ imitates VMware vSphere connector module
This month, we analyzed a malicious PyPI package called ‘VMConnect,’ which has been designed to strongly resemble the legitimate VMware vSphere connector module, ‘vConnector’, except it hides sinister code within ...
“Quoi…? feur” from meme to malware – PyPI package targets Windows with ‘NullRAT’ info-stealer
We’ve got a rather interesting malicious finding this month to talk about, the one that mixes a meme with malware ...
PyPI Attackers Still At It: Malicious Packages Drop Trojans and Info-stealers
This month, Sonatype’s automated malicious open source and malware detection systems flagged hundreds of malicious packages, 10 of which we have analyzed in this blog post ...