Tag: pypi
-
PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data
A new set of malicious packages has been unearthed in the Python Package Index (PyPI) repository that masqueraded as cryptocurrency wallet recovery an… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/pypi-repository-found-hosting-fake.html
-
PyPI loophole puts thousands of packages at risk of compromise
by
in SecurityNewsThousands of PyPI packages are at risk of an attack technique dubbed Revival Hijack, which exploits a loophole in the platform’s package naming featur… First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366609663/PyPI-loophole-puts-thousands-of-packages-at-risk-of-compromise
-
New PyPI Malware Poses as Crypto Wallet Tools to Steal Private Keys
by
in SecurityNewsFirst seen on hackread.com Jump to article: hackread.com/pypi-malware-crypto-wallet-tools-steal-private-keys/
-
Trouble in Da Hood: Malicious Actors Use Infected PyPI Packages to Target Roblox Cheaters
by
in SecurityNewsThe world of gaming can be a cut-throat place, with many players turning to online help via third-party programs (‘game hacks’) to get ahead. Although… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/trouble-in-da-hood-malicious-actors-use-infected-pypi-packages-to-target-roblox-cheaters/
-
Citrine Sleet Poisons PyPI Packages With Mac & Linux Malware
by
in SecurityNewsFirst seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/citrine-sleet-poisons-pypi-packages-mac-linux-malware
-
North Korea Targets Software Supply Chain Via PyPI
by
in SecurityNewsBackdoored Python Packages Likely Work of ‘Gleaming Pisces,’ Says Palo Alto. A North Korean hacking group with a history of a stealing cryptocurrency … First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/north-korea-targets-software-supply-chain-via-pypi-a-26344
-
Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack
by
in SecurityNewsA new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to infiltrate down… First seen on thehackernews.com Jump to article: thehackernews.com/2024/09/hackers-hijack-22000-removed-pypi.html
-
‘Revival Hijack’ on PyPI Disguises Malware with Legitimate File Names
by
in SecurityNewsFirst seen on darkreading.com Jump to article: www.darkreading.com/application-security/revival-hijack-on-pypi-disguises-malware-with-legitimate-file-names
-
PyPI Revival Hijack Puts Thousands of Applications at Risk
by
in SecurityNewsFirst seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/pypi-revival-hijack/
-
New Supply Chain Attack >>Revival Hijack<< Risks Massive PyPI Takeovers
by
in SecurityNewsJFrog’s cybersecurity researchers have identified a new PyPI attack technique called Revival Hijack, which exploits package deletion policies. Over 22… First seen on hackread.com Jump to article: hackread.com/supply-chain-attack-revival-hijack-pypi-takeovers/
-
Widespread PyPI package takeovers likely with new supply chain attack technique
by
in SecurityNewsFirst seen on scmagazine.com Jump to article: www.scmagazine.com/brief/widespread-pypi-package-takeovers-likely-with-new-supply-chain-attack-technique
-
Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers
by
in SecurityNewsA new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to infiltrate down… First seen on thehackernews.com Jump to article: thehackernews.com/2024/09/hackers-hijack-22000-removed-pypi.html
-
Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys
by
in SecurityNewsCybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that masquerades as a library from the… First seen on thehackernews.com Jump to article: thehackernews.com/2024/08/rogue-pypi-library-solana-users-steals.html
-
Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials
by
in SecurityNewsCybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that targets Apple macOS systems with the … First seen on thehackernews.com Jump to article: thehackernews.com/2024/07/malicious-pypi-package-targets-macos-to.html
-
Hackers Abused StackExchange Platform To Deliuver Malicious Python Package
by
in SecurityNewsAttackers uploaded malicious Python packages targeting Raydium and Solana users to PyPI, leveraging a StackExchange post to distribute the malware. Th… First seen on gbhackers.com Jump to article: gbhackers.com/stackexchange-malware-attack/
-
New PyPI Package Zlibxjson Steals Discord, Browser Data
by
in SecurityNewsFirst seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/pypi-package-steals-discord/
-
Targeted PyPi Package Steals Google Cloud Credentials from macOS Devs
by
in SecurityNewsThe campaign is laser-targeted, bucking the trend of spray-and-pray malicious open source packages turning up in code repositories seemingly every oth… First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/targeted-pypi-package-steals-google-cloud-credentials-macos-devs
-
Attackers exploit StackExchange to load malicious packages to PyPI
by
in SecurityNewsFirst seen on scmagazine.com Jump to article: www.scmagazine.com/news/attackers-exploit-stackexchange-to-load-malicious-packages-to-pypi
-
Infostealing PyPI packages spread through StackExchange
by
in SecurityNews
Tags: pypiFirst seen on scmagazine.com Jump to article: www.scmagazine.com/brief/infostealing-pypi-packages-spread-through-stackexchange
-
StackExchange abused to spread malicious PyPi packages as answers
by
in SecurityNewsThreat actors uploaded malicious Python packages to the PyPI repository and promoted them through the StackExchange online question and answer platfor… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/stackexchange-abused-to-spread-malicious-pypi-packages-as-answers/
-
Google Cloud credentials in macOS targeted by malicious PyPI package
by
in SecurityNewsFirst seen on scmagazine.com Jump to article: www.scmagazine.com/brief/google-cloud-credentials-in-macos-targeted-by-malicious-pypi-package
-
Malicious PyPI Package Targets Google Cloud Creds in macOS
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/malicious-pypi-package-targets-google-cloud-creds-in-macos
-
Beware Of Malicious Python Packages That Steal Users Sensitive Data
by
in SecurityNewsMalicious Python packages uploaded by >>dsfsdfds
-
PyPI Packages Leak User Data to Telegram Bot, Iraqi Cybercriminals Suspected
by
in SecurityNewsExperts at Checkmarx have uncovered PyPI packages containing a malicious script in the >>init.py
-
Iraqi Hackers Exploit PyPI to Infiltrate Systems Through Python Packages
by
in SecurityNewsFirst seen on hackread.com Jump to article: hackread.com/iraqi-hackers-exploit-pypi-infiltrate-system-python-packages/
-
Hackers Target Python Developers with Fake Crytic-Compilers Package on PyPI
by
in SecurityNewsCybersecurity researchers have discovered a malicious Python package uploaded to the Python Package Index (PyPI) repository that’s designed to deliver… First seen on thehackernews.com Jump to article: thehackernews.com/2024/06/hackers-target-python-developers-with.html
-
300+ Times Downloaded Package from PyPI Contains Wiper Components
by
in SecurityNewsReversingLabs researchers recently uncovered a malicious open-source package named xFileSyncerx on the Python Package Index (PyPI). This package, whic… First seen on gbhackers.com Jump to article: gbhackers.com/300-times-downloaded-pypi-wiper/
-
Stack Overflow exploited to distribute cryptostealer-spreading PyPI package
by
in SecurityNewsFirst seen on scmagazine.com Jump to article: www.scmagazine.com/brief/stack-overflow-exploited-to-distribute-cryptostealer-spreading-pypi-package
-
Cybercriminals pose as helpful Stack Overflow users to push malware
by
in SecurityNewsCybercriminals are abusing Stack Overflow in an interesting approach to spreading malware, answering users’ questions by promoting a malicious PyPi pa… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cybercriminals-pose-as-helpful-stack-overflow-users-to-push-malware/
-
Malicious PyPI Package ‘Pytoileur’ Targets Windows and Leverages Stack Overflow for Distribution
by
in SecurityNewsAnother day, another PyPI malware package. But this one has a new way to (try to) sneak into your computer. The post day, another PyPI malware package… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/05/malicious-pypi-package-pytoileur-targets-windows-and-leverages-stack-overflow-for-distribution/