Tag: pypi
-
Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems
Tags: attack, cybersecurity, exploit, malicious, open-source, programming, pypi, risk, rust, software, supply-chain
Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks. "Attackers can leverage these entry points to execute malicious code when specific commands are run, posing a widespread risk in the open-source landscape," Checkmarx researchers…
-
Supply Chain Attacks Exploit Entry Points in Python, npm, and Open-Source Ecosystems
Tags: attack, cybersecurity, exploit, malicious, open-source, programming, pypi, risk, rust, software, supply-chain
Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks. "Attackers can leverage these entry points to execute malicious code when specific commands are run, posing a widespread risk in the open-source landscape," Checkmarx researchers…
-
Attacks on the PyPI Supply Chain: Revival Hijack Threatens More Than 22,000 PyPI Packages
First seen on security-insider.de Jump to article: www.security-insider.de/neue-angriffsmethode-python-package-index-jfrog-sicherheitsanalyse-a-94bc7f8a57108d45ec2aae8de5b73926/
-
Malicious crypto wallet tool-spoofing PyPI malware emerges
First seen on scworld.com Jump to article: www.scworld.com/brief/malicious-crypto-wallet-tool-spoofing-pypi-malware-emerges
-
Cryptocurrency Wallets Targeted via Python Packages Uploaded to PyPI
Multiple Python packages referencing dependencies containing cryptocurrency-stealing code were published to PyPI. First seen on securityweek.com Jump to article: www.securityweek.com/cryptocurrency-wallets-targeted-via-python-packages-uploaded-to-pypi/
-
PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data
A new set of malicious packages has been unearthed in the Python Package Index (PyPI) repository that masqueraded as cryptocurrency wallet recovery and management services, only to siphon sensitive data and facilitate the theft of valuable digital assets. "The attack targeted users of Atomic, Trust Wallet, Metamask, Ronin, TronLink, Exodus, and other prominent wallets in the…
-
New PyPI Malware Poses as Crypto Wallet Tools to Steal Private Keys
Checkmarx researchers discovered PyPI malware posing as crypto wallet tools. These malicious packages stole private keys and recovery… First seen on hackread.com Jump to article: hackread.com/pypi-malware-crypto-wallet-tools-steal-private-keys/
-
Trouble in Da Hood: Malicious Actors Use Infected PyPI Packages to Target Roblox Cheaters
The world of gaming can be a cut-throat place, with many players turning to online help via third-party programs (‘game hacks’) to get ahead. Although some of these programs offer legitimate game boosts, malicious actors frequently leverage these game hackers’ interest in modifications to deliver malware. One such example can be found in the game……
-
North Korea Targets Software Supply Chain Via PyPI
Backdoored Python Packages Likely Work of 'Gleaming Pisces,' Says Palo Alto. A North Korean hacking group with a history of stealing cryptocurrency is likely behind a raft of poisoned Python packages targeting developers working on the Linux and macOS operating systems in an apparent attempt at a supply chain attack. First seen on govinfosecurity.com…
-
Python Package Index Supply Chain: Revival Hijack Affects More Than 22,000 Packages
JFrog's security research team recently uncovered a new attack method in the Python Package Index (PyPI) ecosystem, known as 'Revival Hijack'. This technique, which has already been actively exploited, allows attackers to take over deleted PyPI packages, posing a significant threat to the security of open-source software. The analysis found that around 22,000 packages could be affected by this hijacking method, which…
-
Citrine Sleet Poisons PyPI Packages With Mac & Linux Malware
A North Korean advanced persistent threat (APT) actor (aka Gleaming Pisces) tried to sneak simple backdoors into public software packages. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/citrine-sleet-poisons-pypi-packages-mac-linux-malware
-
Check Point Discovers Typosquatting Campaign via PyPI
For security professionals, it is important to point out the inherent risk associated with open-source components, especially in view of the increasing… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-entdeckt-typosquatting-kampagne-ueber-pypi/a36934/
-
A Rotten Potpourri of Python Packages in PyPI
Tags: pypi
First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/ein-faules-potpourri-aus-python-paketen-in-pypi/
-
PyPI loophole puts thousands of packages at risk of compromise
Thousands of PyPI packages are at risk of an attack technique dubbed Revival Hijack, which exploits a loophole in the platform’s package naming featur… First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366609663/PyPI-loophole-puts-thousands-of-packages-at-risk-of-compromise
-
The Hidden Dangers in Open Source Libraries: A Closer Look at the Malicious Go Binary Hidden in a PyPI Package
First seen on thefinalhop.com Jump to article: www.thefinalhop.com/the-hidden-dangers-in-open-source-libraries-a-closer-look-at-the-malicious-go-binary-hidden-in-a-pypi-package/
-
Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack
A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to infiltrate down… First seen on thehackernews.com Jump to article: thehackernews.com/2024/09/hackers-hijack-22000-removed-pypi.html
-
‘Revival Hijack’ on PyPI Disguises Malware with Legitimate File Names
First seen on darkreading.com Jump to article: www.darkreading.com/application-security/revival-hijack-on-pypi-disguises-malware-with-legitimate-file-names
-
PyPI Revival Hijack Puts Thousands of Applications at Risk
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/pypi-revival-hijack/
-
New Supply Chain Attack 'Revival Hijack' Risks Massive PyPI Takeovers
JFrog’s cybersecurity researchers have identified a new PyPI attack technique called Revival Hijack, which exploits package deletion policies. Over 22… First seen on hackread.com Jump to article: hackread.com/supply-chain-attack-revival-hijack-pypi-takeovers/
-
Widespread PyPI package takeovers likely with new supply chain attack technique
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/widespread-pypi-package-takeovers-likely-with-new-supply-chain-attack-technique
-
Revival Hijack supply-chain attack threatens 22,000 PyPI packages
Threat actors are utilizing an attack called Revival Hijack, where they register new PyPi projects using the names of previously deleted packages to c… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/revival-hijack-supply-chain-attack-threatens-22-000-pypi-packages/
-
Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys
Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that masquerades as a library from the… First seen on thehackernews.com Jump to article: thehackernews.com/2024/08/rogue-pypi-library-solana-users-steals.html
-
Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that targets Apple macOS systems with the … First seen on thehackernews.com Jump to article: thehackernews.com/2024/07/malicious-pypi-package-targets-macos-to.html
-
Hackers Abused StackExchange Platform To Deliver Malicious Python Package
Attackers uploaded malicious Python packages targeting Raydium and Solana users to PyPI, leveraging a StackExchange post to distribute the malware. Th… First seen on gbhackers.com Jump to article: gbhackers.com/stackexchange-malware-attack/
-
New PyPI Package Zlibxjson Steals Discord, Browser Data
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/pypi-package-steals-discord/
-
Targeted PyPi Package Steals Google Cloud Credentials from macOS Devs
The campaign is laser-targeted, bucking the trend of spray-and-pray malicious open source packages turning up in code repositories seemingly every oth… First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/targeted-pypi-package-steals-google-cloud-credentials-macos-devs
-
Attackers exploit StackExchange to load malicious packages to PyPI
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/attackers-exploit-stackexchange-to-load-malicious-packages-to-pypi
-
Infostealing PyPI packages spread through StackExchange
Tags: pypi
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/infostealing-pypi-packages-spread-through-stackexchange
-
Google Cloud credentials in macOS targeted by malicious PyPI package
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/google-cloud-credentials-in-macos-targeted-by-malicious-pypi-package
-
Malicious PyPI Package Targets Google Cloud Creds in macOS
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/malicious-pypi-package-targets-google-cloud-creds-in-macos