Tag: pypi

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

Nov 28, 2025 6:49 PM

Tags: automation, cybersecurity, pypi, risk, supply-chain, tool, vulnerability

Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack.Software supply chain security company ReversingLabs said it found the “vulnerability” in bootstrap files provided by a build and deployment automation tool named “zc.buildout.””The…
Malicious PyPI Package Used by Hackers to Steal Users’ Crypto Information

Nov 24, 2025 12:49 PM

Tags: access, attack, backdoor, control, crypto, cyber, cybersecurity, hacker, infrastructure, malicious, pypi, supply-chain

Cybersecurity researchers have uncovered a sophisticated supply-chain attack targeting Python developers through a malicious package distributed via the Python Package Index (PyPI). The malicious package, named >>spellcheckers,
Malicious PyPI Package Used by Hackers to Steal Users’ Crypto Information

Nov 24, 2025 12:49 PM

Tags: access, attack, backdoor, control, crypto, cyber, cybersecurity, hacker, infrastructure, malicious, pypi, supply-chain

Cybersecurity researchers have uncovered a sophisticated supply-chain attack targeting Python developers through a malicious package distributed via the Python Package Index (PyPI). The malicious package, named >>spellcheckers,
Malicious PyPI Package Used by Hackers to Steal Users’ Crypto Information

Nov 24, 2025 12:49 PM

Tags: access, attack, backdoor, control, crypto, cyber, cybersecurity, hacker, infrastructure, malicious, pypi, supply-chain

Cybersecurity researchers have uncovered a sophisticated supply-chain attack targeting Python developers through a malicious package distributed via the Python Package Index (PyPI). The malicious package, named >>spellcheckers,
Spam flooding npm registry with token stealers still isn’t under control

Nov 17, 2025 7:49 AM

Tags: access, antivirus, attack, authentication, blockchain, breach, control, credentials, crypto, detection, edr, exploit, finance, firewall, governance, identity, login, malicious, malware, mfa, monitoring, network, open-source, pypi, risk, software, spam, supply-chain, threat, tool, worm

CSO that number has now grown to 153,000.And while this payload merely steals tokens, other threat actors are paying attention, said Sonatype CTO Brian Fox.When Sonatype wrote about the campaign just over a year ago, it found a mere 15,000 packages that appeared to come from a single person.With the swollen numbers reported this week,…
Worm flooding npm registry with token stealers still isn’t under control

Nov 15, 2025 5:49 AM

Tags: access, antivirus, attack, authentication, blockchain, breach, control, credentials, crypto, detection, edr, exploit, finance, firewall, governance, identity, login, malicious, malware, mfa, monitoring, network, open-source, pypi, risk, software, supply-chain, threat, tool, worm

CSO that number has now grown to 153,000.”It’s unfortunate that the worm isn’t under control yet,” said Sonatype CTO Brian Fox.And while this payload merely steals tokens, other threat actors are paying attention, he predicted.”I’m sure somebody out there in the world is looking at this massively replicating worm and wondering if they can ride…
Rogue MCP servers can take over Cursor’s built-in browser

Nov 13, 2025 3:49 PM

Tags: access, ai, api, attack, computer, control, data, defense, github, pypi, vulnerability

Defenses: Organizations must review and control, both through policy and access controls, the IDE extensions and MCP servers their developers use. They should do this just like they should be vetting application dependencies from package registries such as npm or PyPI to prevent the compromise of developer machines or inheriting vulnerabilities in their code.Attackers are…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Open-source security group pulls out of U.S. grant, citing DEI restrictions

Oct 29, 2025 7:26 PM

Tags: cybersecurity, group, open-source, pypi, software

The Trump administration’s zeal to stamp out diversity, equity and inclusion programs is affecting national cybersecurity research, as a key open-source security foundation announced it would reject federal grant funding. The Python Software Foundation (PSF), which promotes safe and secure Python coding practices and helps oversee PyPI, the world’s largest open-source code repository for Python,…
Open-source security group pulls out of U.S. grant, citing DEI restrictions

Oct 29, 2025 7:26 PM

Tags: cybersecurity, group, open-source, pypi, software

The Trump administration’s zeal to stamp out diversity, equity and inclusion programs is affecting national cybersecurity research, as a key open-source security foundation announced it would reject federal grant funding. The Python Software Foundation (PSF), which promotes safe and secure Python coding practices and helps oversee PyPI, the world’s largest open-source code repository for Python,…
Serious vulnerability found in Rust library

Oct 23, 2025 5:26 AM

Tags: advisory, attack, backup, container, control, data, email, exploit, flaw, incident response, infection, infosec, linux, malicious, open-source, pypi, radius, remote-code-execution, rust, software, supply-chain, unauthorized, update, vulnerability

async-tar Rust library. And not only is it in this library, but also in its many forks, including the widely used tokio-tar.”In the worst-case scenario, this vulnerability has a severity of 8.1 (High) and can lead to Remote Code Execution (RCE) through file overwriting attacks, such as replacing configuration files or hijacking build backends,” the researchers say…
npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

Oct 14, 2025 10:23 AM

Tags: authentication, breach, control, cybersecurity, data, malicious, pypi

Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks.Webhooks on Discord are a way to post messages to channels in the platform without requiring a bot user or authentication, making them an attractive mechanism for attackers…
npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

Oct 14, 2025 10:23 AM

Tags: authentication, breach, control, cybersecurity, data, malicious, pypi

Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks.Webhooks on Discord are a way to post messages to channels in the platform without requiring a bot user or authentication, making them an attractive mechanism for attackers…
Threat Actors Exploit Discord Webhooks for C2 via npm, PyPI, and Ruby Packages

Oct 12, 2025 6:24 PM

Tags: control, cyber, data, exploit, open-source, pypi, threat

Threat actors are increasingly abusing Discord webhooks as covert command-and-control (C2) channels inside open-source packages, enabling stealthy exfiltration of secrets, host telemetry, and developer environment data without standing up bespoke infrastructure. Socket’s Threat Research Team has documented active abuse across npm, PyPI, and RubyGems, where hard-coded Discord webhook URLs act as write-only sinks to siphon…
Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown

Oct 2, 2025 4:41 PM

Tags: backdoor, cybersecurity, malicious, pypi, service, windows

Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems.The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken down.…
Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown

Oct 2, 2025 4:41 PM

Tags: backdoor, cybersecurity, malicious, pypi, service, windows

Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems.The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken down.…
Phishing Campaign Targets PyPI Maintainers with Fake Login Site

Sep 26, 2025 5:08 PM

Tags: credentials, login, open-source, phishing, pypi

Fake PyPI login site phishing campaign threatens developer credentials and the open-source supply chain. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/phishing-campaign-targets-pypi-maintainers-with-fake-login-site/
New Phishing Scam Aims at PyPI Maintainers to Steal Login Information

Sep 25, 2025 5:16 PM

Tags: cyber, email, login, malicious, phishing, pypi, scam

A fresh wave of domain-confusion phishing emails is sweeping through the Python community, once again setting its sights on PyPI maintainers. As malicious actors continually swap out domain names, PyPI users must remain vigilant and adopt stronger safeguards to protect their accounts. In this latest iteration, maintainers receive an unsolicited email urging them to “verify…
New Phishing Scam Aims at PyPI Maintainers to Steal Login Information

Sep 25, 2025 5:16 PM

Tags: cyber, email, login, malicious, phishing, pypi, scam

A fresh wave of domain-confusion phishing emails is sweeping through the Python community, once again setting its sights on PyPI maintainers. As malicious actors continually swap out domain names, PyPI users must remain vigilant and adopt stronger safeguards to protect their accounts. In this latest iteration, maintainers receive an unsolicited email urging them to “verify…
PyPI invalidates tokens stolen in GhostAction supply chain attack

Sep 18, 2025 4:15 PM

Tags: attack, breach, pypi, software, supply-chain, threat

The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the threat actors didn’t abuse them to publish malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/pypi-invalidates-tokens-stolen-in-ghostaction-supply-chain-attack/
SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers

Sep 18, 2025 3:15 PM

Tags: access, cybersecurity, malicious, pypi, rat, windows

Cybersecurity researchers have discovered two new malicious packages in the Python Package Index (PyPI) repository that are designed to deliver a remote access trojan called SilentSync on Windows systems.”SilentSync is capable of remote command execution, file exfiltration, and screen capturing,” Zscaler ThreatLabz’s Manisha Ramcharan Prajapati and Satyam Singh said. “SilentSync also extracts First seen on…
Malicious Typosquatted PyPI Packages Spreading SilentSync RAT

Sep 18, 2025 9:15 AM

Tags: access, cyber, malicious, pypi, rat, risk, supply-chain

On August 4, 2025, Zscaler ThreatLabz uncovered two malicious Python packages”, sisaws and secmeasure”, that deliver SilentSync, a Python-based remote access trojan (RAT), to unsuspecting developers. Both packages leverage typosquatting to impersonate legitimate libraries in the Python Package Index (PyPI), posing a serious supply-chain risk to projects that install them. SilentSync’s versatile capabilities include remote…
Malicious Typosquatted PyPI Packages Spreading SilentSync RAT

Sep 18, 2025 9:15 AM

Tags: access, cyber, malicious, pypi, rat, risk, supply-chain

On August 4, 2025, Zscaler ThreatLabz uncovered two malicious Python packages”, sisaws and secmeasure”, that deliver SilentSync, a Python-based remote access trojan (RAT), to unsuspecting developers. Both packages leverage typosquatting to impersonate legitimate libraries in the Python Package Index (PyPI), posing a serious supply-chain risk to projects that install them. SilentSync’s versatile capabilities include remote…
Malicious PyPI Packages Deliver SilentSync RAT

Sep 18, 2025 5:16 AM

Tags: access, api, attack, backdoor, breach, browser, chrome, cloud, control, credentials, data, detection, email, endpoint, government, healthcare, identity, linux, macOS, malicious, malware, network, open-source, password, pypi, rat, risk, service, software, supply-chain, threat, windows

IntroductionZscaler ThreatLabz regularly monitors for threats in the popular Python Package Index (PyPI), which contains open source libraries that are frequently used by many Python developers. In July 2025, a malicious Python package named termncolor was identified by ThreatLabz. Just a few weeks later, on August 4, 2025, ThreatLabz uncovered two more malicious Python packages…
Chinese-Made Villager AI Pentest Tool Raises Cobalt Strike-Like Concerns

Sep 16, 2025 11:16 PM

Tags: ai, china, malicious, penetration-testing, pypi, RedTeam, tool

Villager is being pitched as a legitimate AI-powered pentest tool for red teams, but the platform, made by Chinese company Cyberspike, has been loaded almost 11,000 times on PyPI in two months, raising concerns that it is on the same path as Cobalt Strike, another red team tool that became a favorite of malicious actors.…
Chinese AI Villager Pen Testing Tool Hits 11,000 PyPI Downloads

Sep 16, 2025 5:16 PM

Tags: ai, china, kali, penetration-testing, pypi, threat, tool

AI-native Villager, which automates Kali and DeepSeek penetration tests, has reached 11,000 PyPI downloads fueling dual-use threat First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-ai-villager-pen-testing/
CobaltStrike’s AI-native successor, ‘Villager,’ makes hacking too easy

Sep 16, 2025 3:16 PM

Tags: ai, attack, control, credentials, detection, exploit, framework, governance, hacking, identity, incident response, intelligence, network, pypi, RedTeam, risk, supply-chain, threat, update, vulnerability, windows

Supply chain and detection risks: Villager’s presence on a trusted public repository like PyPI, where it was downloaded over 10,000 times over the last two months, introduces a new vector for supply chain compromise. Jason Soroko, senior fellow at Sectigo, advised that organizations “focus first on package provenance by mirroring PyPI, enforcing allow lists for…
CobaltStrike’s AI-native successor, ‘Villager,’ makes hacking too easy

Sep 16, 2025 3:16 PM

Tags: ai, attack, control, credentials, detection, exploit, framework, governance, hacking, identity, incident response, intelligence, network, pypi, RedTeam, risk, supply-chain, threat, update, vulnerability, windows

Supply chain and detection risks: Villager’s presence on a trusted public repository like PyPI, where it was downloaded over 10,000 times over the last two months, introduces a new vector for supply chain compromise. Jason Soroko, senior fellow at Sectigo, advised that organizations “focus first on package provenance by mirroring PyPI, enforcing allow lists for…