Tag: pypi
-
Malicious PyPI Package ‘Pytoileur’ Targets Windows and Leverages Stack Overflow for Distribution
by
in SecurityNewsAnother day, another PyPI malware package. But this one has a new way to (try to) sneak into your computer. The post day, another PyPI malware package… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/05/malicious-pypi-package-pytoileur-targets-windows-and-leverages-stack-overflow-for-distribution/
-
Malicious PyPI NPM Packages Attacking MacOS Users
by
in SecurityNewsCybersecurity researchers have identified a series of malicious software packages targeting MacOS users. These packages, found on the Python Package I… First seen on gbhackers.com Jump to article: gbhackers.com/malicious-pypi-npm-packages/
-
Malicious PyPI ‘requests’ fork hides backdoor in PNG file
by
in SecurityNewsFirst seen on scmagazine.com Jump to article: www.scmagazine.com/news/malicious-pypi-requests-fork-hides-backdoor-in-png-file
-
Malicious PyPi Requests Fork Hides Backdoor In PNG File
by
in SecurityNewsFirst seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/35880/Malicious-PyPi-Requests-Fork-Hides-Backdoor-In-PNG-File.html
-
PyPi package backdoors Macs using the Sliver pen-testing suite
by
in SecurityNewsA new package mimicked the popular ‘requests’ library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framewor… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/pypi-package-backdoors-macs-using-the-sliver-pen-testing-suite/
-
Typosquatting campaign, malicious packages slam PyPi
by
in SecurityNewsThreat actors used automated typosquatting attacks to lead victims to malicious python packages in yet another campaign targeting the open-source soft… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366577455/Typosquatting-campaign-malicious-packages-slam-PyPi
-
Malicious PyPI Package Attacking Discord Users To Steal Credentials
by
in SecurityNewsHackers often target PyPI packages to exploit vulnerabilities and inject malicious code into widely used Python libraries. Recently, cybersecurity res… First seen on gbhackers.com Jump to article: gbhackers.com/malicious-pypi-package-discord-credentials/
-
Python’s PyPI Reveals Its Secrets
by
in SecurityNewsGitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and… First seen on thehackernews.com Jump to article: thehackernews.com/2024/04/blog-post.html
-
PyPI halted new users and projects while it fended off supply-chain attack
by
in SecurityNewsFirst seen on arstechnica.com Jump to article: arstechnica.com/
-
Python Package Index als Ziel von Cyberangriffen – Check Point entdeckt Typosquatting-Angriffe bei PyPI
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/check-point-entdeckt-typosquatting-angriffe-bei-pypi-a-84eb4b72a9bfeb31e3d55c1c4070e1f8/
-
PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers
by
in SecurityNewsThe maintainers of the Python Package Index (PyPI) repository briefly suspended new user sign-ups following an influx of malicious projects uploaded a… First seen on thehackernews.com Jump to article: thehackernews.com/2024/03/pypi-halts-sign-ups-amid-surge-of.html
-
PyPI Malicious Package Uploads Used To Target Developers
by
in SecurityNewsIn light of the recent cybercriminal activity, new user sign-ups on the PyPI platform were halted. Currently, an increase in PyPI malicious package up… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/04/pypi-malicious-package-uploads-used-to-target-developers/
-
Beware Of New Malicious PyPI Packages That Steal Wallet Passwords
by
in SecurityNewsThreat actors use malicious PyPI packages to infiltrate systems and execute various attacks like data exfiltration, ransomware deployment, or system c… First seen on gbhackers.com Jump to article: gbhackers.com/malicious-pypi-packages-crypto-wallets/
-
Watch Out: These PyPI Python Packages Can Drain Your Crypto Wallets
by
in SecurityNewsThreat hunters have discovered a set of seven packages on the Python Package Index (PyPI) repository that are designed to steal;BIP39 mnemonic phrases… First seen on thehackernews.com Jump to article: thehackernews.com/2024/03/watch-out-these-pypi-python-packages.html
-
Japan Blames North Korea for PyPI Supply Chain Cyberattack
by
in SecurityNewsFirst seen on darkreading.com Jump to article: www.darkreading.com/application-security/japan-blames-north-korea-for-pypi-supply-chain-cyberattack
-
Dormant PyPI Package Compromised to Spread Nova Sentinel Malware
by
in SecurityNewsA dormant package available on the Python Package Index (PyPI) repository was updated nearly after two years to propagate an information stealer malwa… First seen on thehackernews.com Jump to article: thehackernews.com/2024/02/dormant-pypi-package-compromised-to.html
-
Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems
by
in SecurityNewsThe notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of in… First seen on thehackernews.com Jump to article: thehackernews.com/2024/02/lazarus-exploits-typos-to-sneak-pypi.html
-
Securing software repositories leads to better OSS security
by
in SecurityNewsMalicious software packages are found on public software repositories such as GitHub, PyPI and the npm registry seemingly every day. Attackers use a n… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/03/04/securing-software-repositories/
-
Japan warns of malicious PyPi packages created by North Korean hackers
by
in SecurityNews
Tags: computer, group, hacker, hacking, incident response, lazarus, malicious, north-korea, pypi, security-incidentJapan’s Computer Security Incident Response Team (JPCERT/CC) is warning that the notorious North Korean hacking group Lazarus has uploaded four malici… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/japan-warns-of-malicious-pypi-packages-created-by-north-korean-hackers/
-
Beware of Typos that May lead to Malicious PyPI Package Installation
by
in SecurityNewsCybersecurity experts have raised alarms over a new threat vector targeting Python developers: typo-squatting on the Python Package Index (PyPI). The … First seen on gbhackers.com Jump to article: gbhackers.com/malicious-pypi-package-installation/
-
New Malicious PyPI Packages Use DLL Sideloading In A Supply Chain Attack
by
in SecurityNewsResearchers have discovered that threat actors have been using open-source platforms and codes for several purposes, such as hosting C2 infrastructure… First seen on gbhackers.com Jump to article: gbhackers.com/malicious-pypi-packages-dll-sideloading/
-
New Typosquatting and Repojacking Tactics Uncovered on PyPI
by
in SecurityNewsFirst seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/typosquatting-repojacking-tactics/
-
PyPIKampagne: Bedrohungsakteur JuiceLedger greift Lieferketten an
by
in SecurityNewsDie Gruppe JuiceLedger scheint ihre Fähigkeiten sehr schnell weiterentwickelt zu haben, was die erfolgreiche Kompromittierung der Lieferkette eines gr… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/pypi-phishing-kampagne-bedrohungsakteur-juiceledger-greift-lieferketten-an/a32102/
-
Check Point warnt erneut vor betrügerischen Paketen auf PyPI
by
in SecurityNews
Tags: pypiMithilfe maschineller Lernmodelle konnte Check Point die betrügerischen Pakete, die Vorgaben, Hilfsprogramme zu sein, auf PyPI erkennen. Diese luden i… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-warnt-erneut-vor-betruegerischen-paketen-auf-pypi/a33859/