Hot Topics

PyPI

PyPI Malicious Package Uploads Used To Target Developers

| | Check Point, Checkmarx, countermeasures, Cyber Threats, Cybersecurity, Cybersecurity News, data theft, Developer Security, digital assets, Malicious package uploads, Malware, online security, package management, persistence, Phylum, PyPI, risk mitigation, software supply chain, Typosquatting, Windows operating system
In light of the recent cybercriminal activity, new user sign-ups on the PyPI platform were halted. Currently, an increase in PyPI malicious package uploads is being deemed the reason behind the suspension ...
TuxCare
Closeup of person going “Shhh!”

PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found

| | code reuse, open source software supply chain security, PyPI, PyPI malicious packages, pypi vuln, pypi vulnerability, python, Python Malware, Python Packages, Python vulnerability, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, Software supply chain management, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, Software Supply Chain Security Weaknesses, typosquat, Typosquatting, typosquatting attacks
Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup ...
Security Boulevard
supply chain software

Malicious Packages in npm, PyPI Highlight Supply Chain Threat

| | cyberattacks, npm security, PyPI, PyPI malicious packages, software supply chain attack, supply chain
Software developers are being targeted with malicious packages in npm and PyPI as threat groups launch software supply-chain attacks ...
Security Boulevard

3 Malicious PyPI Packages Hide CoinMiner on Linux Devices

| | coinminer, Crypto, Crypto miners, Cyber Threats, Cybersecurity, Cybersecurity Weaknesses, Developer Security, Linux & Open Source News, linux systems, open source, PyPI, PyPI malicious packages, Python developers, Python Malware
In a recent cybersecurity revelation, the Python Package Index (PyPI) has fallen victim to the infiltration of three malicious packages: modularseven, driftme, and catme. These packages, although now removed, managed to amass ...
TuxCare

PyPI Malicious Packages with Thousands of Downloads Targeting Python Developers

| | Cyber Threats, cybersecurity defense strategies, Cybersecurity Weaknesses, enterprise security, Linux & Open Source News, PyPI, PyPI malicious packages, Python developers, Python Malware, Python Packages, steganography malware
For the past six months, an unidentified threat actor has been slipping malicious packages into the Python Package Index (PyPI), a repository for Python software. The aim? To unleash malware capable of ...
TuxCare

Unveiling BlazeStealer Malware Python Packages on PyPI

| | BlazeStealer Malware, code obfuscation, Crypto-Themed npm Modules, Cyber Threats, Cybersecurity News, Cybersecurity Threat, data theft, developers, Discord Bot, Geographic Impact, Malicious Modules, open source development, Package Vetting, Phylum, Proactive Cybersecurity, PyPI, Python Packages, security breach, software supply chain security, Vigilance
In a recent revelation, a cluster of malicious Python packages has infiltrated the Python Package Index (PyPI), posing a significant threat to developers’ systems by aiming to pilfer sensitive information. These deceptive ...
TuxCare
Malicious PyPI package ‘VMConnect’ imitates VMware vSphere connector module

Malicious PyPI package ‘VMConnect’ imitates VMware vSphere connector module

| | DevZone, Malware Analysis, open source, PyPI
This month, we analyzed a malicious PyPI package called ‘VMConnect,’ which has been designed to strongly resemble the legitimate VMware vSphere connector module, ‘vConnector’, except it hides sinister code within ...
Sonatype Blog
“Quoi...? feur” from meme to malware – PyPI package targets Windows with ‘NullRAT’ info-stealer

“Quoi…? feur” from meme to malware – PyPI package targets Windows with ‘NullRAT’ info-stealer

| | DevZone, Malware Analysis, PyPI, Sonatype Repository Firewall
We’ve got a rather interesting malicious finding this month to talk about, the one that mixes a meme with malware ...
Sonatype Blog
PyPI Attackers Still At It: Malicious Packages Drop Trojans and Info-stealers

PyPI Attackers Still At It: Malicious Packages Drop Trojans and Info-stealers

| | FEATURED, open source, PyPI, pypi vulnerability, vulnerability
This month, Sonatype’s automated malicious open source and malware detection systems flagged hundreds of malicious packages, 10 of which we have analyzed in this blog post ...
Sonatype Blog
Malware Monthly - March 2023

Malware Monthly – March 2023

| | DevZone, FEATURED, Malware Monthly, malware prevention, npm, PyPI, Vulnerabilities
  ...
Sonatype Blog
Load more