Tag: pypi
-
RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes
A fresh set of 60 malicious packages has been uncovered targeting the RubyGems ecosystem by posing as seemingly innocuous automation tools for social media, blogging, or messaging services to steal credentials from unsuspecting users.The activity is assessed to be active since at least March 2023, according to the software supply chain security company Socket. Cumulatively,…
-
PyPI Issues Advisory to Prevent ZIP Parser Confusion Attacks on Python Package Installers
The Python Package Index (PyPI) has announced new restrictions aimed at mitigating ZIP parser confusion attacks that could exploit discrepancies in how Python package installers and inspectors handle ZIP archives. This move comes in response to vulnerabilities identified in tools like the uv installer, which exhibits different extraction behaviors compared to Python-based installers relying on…
-
Threat Actors Exploit Open-Source Vulnerabilities to Spread Malicious Code
Tags: ai, cyber, data, exploit, malicious, malware, open-source, pypi, software, supply-chain, threat, vulnerabilityFortiGuard Labs has reported a sustained trend in the exploitation of open-source software (OSS) repositories for malware dissemination within supply chain ecosystems. As development workflows increasingly depend on third-party packages, adversaries are capitalizing on vulnerabilities in platforms like NPM and PyPI to inject malicious code, facilitate data exfiltration, and inflict broader damage. Leveraging proprietary AI-driven…
-
Lazarus Hackers Weaponize 234 npm and PyPI Packages to Infect Developers
Sonatype’s automated detection systems have uncovered an expansive and ongoing infiltration of the global open-source ecosystem by the notorious Lazarus Group, a threat actor believed to be backed by North Korea’s Reconnaissance General Bureau. Between January and July 2025, Sonatype identified and blocked 234 malicious software packages deployed through both the npm and PyPI open-source…
-
Hackers target Python devs in phishing attacks using fake PyPI site
The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-target-python-devs-in-phishing-attacks-using-fake-pypi-site/
-
PyPI maintainers alert users to email verification phishing attack
PyPI warns of phishing emails from noreply@pypj[.]org posing as >>[PyPI] Email verification>[PyPI] Email verification
-
PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain
The maintainers of the Python Package Index (PyPI) repository have issued a warning about an ongoing phishing attack that’s targeting users in an attempt to redirect them to fake PyPI sites.The attack involves sending email messages bearing the subject line “[PyPI] Email verification” that are sent from the email address noreply@pypj[.]org (note that the domain…
-
PyPI Alerts Developers to New Phishing Attack Using Fake PyPI Site
Python developers are being warned about a sophisticated phishing campaign targeting users of the Python Package Index (PyPI) through fraudulent emails and a deceptive clone of the official repository website. While PyPI’s infrastructure remains secure, attackers are exploiting developer trust by impersonating the legitimate service to harvest user credentials. Attack Details and Methodology The phishing…
-
PyPI Blocks Inbox.ru Domains After 1,500+ Fake Package Uploads
The Python Package Index (PyPI) has implemented an administrative block on the inbox.ru email domain, prohibiting its use for new user registrations and as additional verification addresses. This action stems from a recent campaign that exploited the domain to create over 250 fraudulent accounts, which in turn uploaded more than 1,500 empty projects. These bogus…
-
Malicious PyPI Package Targets Developer Credentials
JFrog uncovers multi-stage malware harvesting cloud secrets. Multi-stage malware embedded in a Python package is stealing sensitive cloud infrastructure data, JFrog researchers said Monday. The package steals credentials, configuration files, API tokens and other data from corporate cloud environments. It targets developers using the Chimera sandbox platform. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/malicious-pypi-package-targets-developer-credentials-a-28725
-
Malicious PyPI package targets Chimera users to steal AWS tokens, CI/CD secrets
Tags: attack, control, exploit, malicious, monitoring, open-source, pypi, rce, remote-code-execution, supply-chainProtection needs a multi-layered approach: Experts are treating the chimera-sandbox-extension incident as more than just another malicious package takedown. While JFrog acted quickly”, alerting PyPI maintainers, removing the package, and updating its Xray scannerresearchers agree that a one-time fix isn’t enough.”Within the last five years, attackers have leveraged PyPI and other package managers to exploit…
-
PyPI repositories targeted by malicious ‘Chimera-Sandbox Extensions’
First seen on scworld.com Jump to article: www.scworld.com/news/pypi-repositories-targeted-by-malicious-chimera-sandbox-extensions
-
PyPI repositories targeted by malicious ‘Chimera-Sandbox Extensions’
First seen on scworld.com Jump to article: www.scworld.com/news/pypi-repositories-targeted-by-malicious-chimera-sandbox-extensions
-
Hackers Upload Weaponized Packages to PyPI Repositories to Steal AWS Tokens and Sensitive Data
The JFrog Security Research team has uncovered a sophisticated malicious package named >>chimera-sandbox-extensions>chimerai,
-
PyPI, npm, and AI Tools Exploited in Malware Surge Targeting DevOps and Cloud Environments
Cybersecurity researchers from SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads.The packages in question are listed below -eslint-config-airbnb-compat (676 Downloads)ts-runtime-compat-check (1,588 Downloads)solders (983 Downloads)@mediawave/lib (386 Downloads)All the identified npm First seen on thehackernews.com Jump to article: thehackernews.com/2025/06/malicious-pypi-package-masquerades-as.html
-
Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that’s capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others.The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, First seen on thehackernews.com Jump to article: thehackernews.com/2025/06/malicious-pypi-package-masquerades-as.html
-
New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally
Cybersecurity researchers have flagged a supply chain attack targeting over a dozen packages associated with GlueStack to deliver malware.The malware, introduced via a change to “lib/commonjs/index.js,” allows an attacker to run shell commands, take screenshots, and upload files to infected machines, Aikido Security told The Hacker News, stating these packages collectively account for nearly 1…
-
Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks
Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and exfiltrate Telegram API tokens, once again demonstrating the variety of supply chain threats lurking in open-source ecosystems.The findings come from multiple reports published by Checkmarx, First seen on thehackernews.com…
-
New PyPI Supply Chain Attacks Target Python and NPM Users on Windows and Linux
Checkmarx Zero researcher Ariel Harush has uncovered a sophisticated malicious package campaign targeting Python and NPM users across Windows and Linux platforms through typo-squatting and name-confusion attacks against popular packages. This coordinated supply chain attack demonstrates unprecedented cross-ecosystem tactics and advanced evasion techniques that security researchers warn represent an evolution in open-source threats. Cross-Ecosystem Typo-Squatting…
-
Weaponized PyPI Package Executes Supply Chain Attack to Steal Solana Private Keys
A chilling discovery by Socket’s Threat Research Team has exposed a meticulously crafted supply chain attack on the Python Package Index (PyPI), orchestrated by a threat actor using the alias >>cappership.
-
Poisoned models in fake Alibaba SDKs show challenges of securing AI supply chains
Malicious code in ML models is hard to detect: While Hugging Face hosts models directly, PyPI hosts Python software packages, so detection of poisoned models hidden inside Pickle files hidden inside packages could prove even harder for developers and PyPI’s maintainers, given the extra layer of obfuscation.The attack campaign discovered by ReversingLabs involved three packages:…
-
Malicious PyPI packages exploit ML models to deploy infostealer
First seen on scworld.com Jump to article: www.scworld.com/brief/malicious-pypi-packages-exploit-ml-models-to-deploy-infostealer
-
Malware Hidden in AI Models on PyPI Targets Alibaba AI Labs Users
ReversingLabs discovers new malware hidden inside AI/ML models on PyPI, targeting Alibaba AI Labs users. Learn how attackers… First seen on hackread.com Jump to article: hackread.com/malware-ai-models-pypi-targets-alibaba-ai-labs-users/
-
Malicious Machine Learning Model Attack Discovered on PyPI
A novel attack exploited machine learning models on PyPI, using zipped Pickle files to deliver infostealer malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malicious-machine-learning-model/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 46
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Sarcoma Ransomware Unveiled: Anatomy of a Double Extortion Gang RVTools Bumblebee Malware Attack How a Trusted IT Tool Became a Malware Delivery Vector Malicious ‘Checker’ Packages on PyPI Probe TikTok and Instagram for Valid Accounts […]…
-
TikTok, Instagram APIs exploited by PyPI packages for account validation
First seen on scworld.com Jump to article: www.scworld.com/brief/tiktok-instagram-apis-exploited-by-pypi-packages-for-account-validation
-
Schädliche PyPI-Pakete missbrauchen Instagram- und TikTok-APIs
Cybersecurity-Forscher haben mehrere bösartige Python-Pakete entdeckt, die gezielt auf gestohlene E-Mail-Adressen angesetzt wurden. Die Tools nutzten offizielle Programmierschnittstellen (APIs) von TikTok und Instagram, um zu prüfen, ob bestimmte E-Mail-Adressen mit Nutzerkonten verknüpft sind. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/pypi-instagram-tiktok-apis