Tag: pypi
-
Open-source security group pulls out of U.S. grant, citing DEI restrictions
The Trump administration’s zeal to stamp out diversity, equity and inclusion programs is affecting national cybersecurity research, as a key open-source security foundation announced it would reject federal grant funding. The Python Software Foundation (PSF), which promotes safe and secure Python coding practices and helps oversee PyPI, the world’s largest open-source code repository for Python,…
-
Open-source security group pulls out of U.S. grant, citing DEI restrictions
The Trump administration’s zeal to stamp out diversity, equity and inclusion programs is affecting national cybersecurity research, as a key open-source security foundation announced it would reject federal grant funding. The Python Software Foundation (PSF), which promotes safe and secure Python coding practices and helps oversee PyPI, the world’s largest open-source code repository for Python,…
-
npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels
Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks.Webhooks on Discord are a way to post messages to channels in the platform without requiring a bot user or authentication, making them an attractive mechanism for attackers…
-
npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels
Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks.Webhooks on Discord are a way to post messages to channels in the platform without requiring a bot user or authentication, making them an attractive mechanism for attackers…
-
Threat Actors Exploit Discord Webhooks for C2 via npm, PyPI, and Ruby Packages
Threat actors are increasingly abusing Discord webhooks as covert command-and-control (C2) channels inside open-source packages, enabling stealthy exfiltration of secrets, host telemetry, and developer environment data without standing up bespoke infrastructure. Socket’s Threat Research Team has documented active abuse across npm, PyPI, and RubyGems, where hard-coded Discord webhook URLs act as write-only sinks to siphon…
-
Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown
Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems.The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken down.…
-
Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown
Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems.The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken down.…
-
Phishing Campaign Targets PyPI Maintainers with Fake Login Site
Fake PyPI login site phishing campaign threatens developer credentials and the open-source supply chain. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/phishing-campaign-targets-pypi-maintainers-with-fake-login-site/
-
New Phishing Scam Aims at PyPI Maintainers to Steal Login Information
A fresh wave of domain-confusion phishing emails is sweeping through the Python community, once again setting its sights on PyPI maintainers. As malicious actors continually swap out domain names, PyPI users must remain vigilant and adopt stronger safeguards to protect their accounts. In this latest iteration, maintainers receive an unsolicited email urging them to “verify…
-
New Phishing Scam Aims at PyPI Maintainers to Steal Login Information
A fresh wave of domain-confusion phishing emails is sweeping through the Python community, once again setting its sights on PyPI maintainers. As malicious actors continually swap out domain names, PyPI users must remain vigilant and adopt stronger safeguards to protect their accounts. In this latest iteration, maintainers receive an unsolicited email urging them to “verify…
-
PyPI invalidates tokens stolen in GhostAction supply chain attack
The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the threat actors didn’t abuse them to publish malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/pypi-invalidates-tokens-stolen-in-ghostaction-supply-chain-attack/
-
SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers
Cybersecurity researchers have discovered two new malicious packages in the Python Package Index (PyPI) repository that are designed to deliver a remote access trojan called SilentSync on Windows systems.”SilentSync is capable of remote command execution, file exfiltration, and screen capturing,” Zscaler ThreatLabz’s Manisha Ramcharan Prajapati and Satyam Singh said. “SilentSync also extracts First seen on…
-
Malicious Typosquatted PyPI Packages Spreading SilentSync RAT
On August 4, 2025, Zscaler ThreatLabz uncovered two malicious Python packages”, sisaws and secmeasure”, that deliver SilentSync, a Python-based remote access trojan (RAT), to unsuspecting developers. Both packages leverage typosquatting to impersonate legitimate libraries in the Python Package Index (PyPI), posing a serious supply-chain risk to projects that install them. SilentSync’s versatile capabilities include remote…
-
Malicious Typosquatted PyPI Packages Spreading SilentSync RAT
On August 4, 2025, Zscaler ThreatLabz uncovered two malicious Python packages”, sisaws and secmeasure”, that deliver SilentSync, a Python-based remote access trojan (RAT), to unsuspecting developers. Both packages leverage typosquatting to impersonate legitimate libraries in the Python Package Index (PyPI), posing a serious supply-chain risk to projects that install them. SilentSync’s versatile capabilities include remote…
-
Malicious PyPI Packages Deliver SilentSync RAT
IntroductionZscaler ThreatLabz regularly monitors for threats in the popular Python Package Index (PyPI), which contains open source libraries that are frequently used by many Python developers. In July 2025, a malicious Python package named termncolor was identified by ThreatLabz. Just a few weeks later, on August 4, 2025, ThreatLabz uncovered two more malicious Python packages…
-
Chinese-Made Villager AI Pentest Tool Raises Cobalt Strike-Like Concerns
Villager is being pitched as a legitimate AI-powered pentest tool for red teams, but the platform, made by Chinese company Cyberspike, has been loaded almost 11,000 times on PyPI in two months, raising concerns that it is on the same path as Cobalt Strike, another red team tool that became a favorite of malicious actors.…
-
Chinese AI Villager Pen Testing Tool Hits 11,000 PyPI Downloads
AI-native Villager, which automates Kali and DeepSeek penetration tests, has reached 11,000 PyPI downloads fueling dual-use threat First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-ai-villager-pen-testing/
-
CobaltStrike’s AI-native successor, ‘Villager,’ makes hacking too easy
Tags: ai, attack, control, credentials, detection, exploit, framework, governance, hacking, identity, incident response, intelligence, network, pypi, RedTeam, risk, supply-chain, threat, update, vulnerability, windowsSupply chain and detection risks: Villager’s presence on a trusted public repository like PyPI, where it was downloaded over 10,000 times over the last two months, introduces a new vector for supply chain compromise. Jason Soroko, senior fellow at Sectigo, advised that organizations “focus first on package provenance by mirroring PyPI, enforcing allow lists for…
-
CobaltStrike’s AI-native successor, ‘Villager,’ makes hacking too easy
Tags: ai, attack, control, credentials, detection, exploit, framework, governance, hacking, identity, incident response, intelligence, network, pypi, RedTeam, risk, supply-chain, threat, update, vulnerability, windowsSupply chain and detection risks: Villager’s presence on a trusted public repository like PyPI, where it was downloaded over 10,000 times over the last two months, introduces a new vector for supply chain compromise. Jason Soroko, senior fellow at Sectigo, advised that organizations “focus first on package provenance by mirroring PyPI, enforcing allow lists for…
-
China-Linked AI Pentest Tool ‘Villager’ Raises Concern After 10K Downloads
China-linked AI tool Villager, published on PyPI, automates cyberattacks and has got experts worried after 10,000 downloads in… First seen on hackread.com Jump to article: hackread.com/china-ai-pentest-tool-villager-10k-downloads/
-
AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns
Tags: ai, china, cybercrime, framework, intelligence, malicious, penetration-testing, pypi, RedTeam, toolA new artificial intelligence (AI)-powered penetration testing tool linked to a China-based company has attracted nearly 11,000 downloads on the Python Package Index (PyPI) repository, raising concerns that it could be repurposed by cybercriminals for malicious purposes.Dubbed Villager, the framework is assessed to be the work of Cyberspike, which has positioned the tools as a…
-
GitHub Actions missbraucht
Mit der neuen Angriffskampagne “GhostAction” haben es Cyberkriminelle auf die GitHub-Lieferkette abgesehen.Sicherheitsforscher von GitGuardian haben eine neue Angriffskampagne namens ‘GhostAction” aufgedeckt, die die GitHub-Lieferkette ins Visier nimmt. Dabei manipulieren die Angreifer GitHub-Actions-Workflows, also die automatisierten Prozesse, die in einem GitHub-Repository als Reaktion auf spezifische Eventsdefiniert sind. So konnten die Cyberkriminellen laut den Forschern 3.325 Secrets…
-
GitHub Actions missbraucht
Mit der neuen Angriffskampagne “GhostAction” haben es Cyberkriminelle auf die GitHub-Lieferkette abgesehen.Sicherheitsforscher von GitGuardian haben eine neue Angriffskampagne namens ‘GhostAction” aufgedeckt, die die GitHub-Lieferkette ins Visier nimmt. Dabei manipulieren die Angreifer GitHub-Actions-Workflows, also die automatisierten Prozesse, die in einem GitHub-Repository als Reaktion auf spezifische Eventsdefiniert sind. So konnten die Cyberkriminellen laut den Forschern 3.325 Secrets…
-
71% of CISOs hit with third-party security incident this year
Tags: access, ai, application-security, attack, backdoor, breach, ceo, cisa, ciso, cloud, compliance, control, credentials, cyber, cybersecurity, data, defense, exploit, incident response, intelligence, malicious, malware, open-source, penetration-testing, phishing, programming, pypi, resilience, risk, risk-management, sbom, security-incident, service, software, startup, supply-chain, threat, toolSoftware supply chain threats: The software supply chain is heavily reliant on code developed by third-party developers, something only likely to increase with the advent of AI.Brian Fox, co-founder and CTO of open-source software security vendor Sonatype, says that “enormously complex” software supply chains pose a growing threat.”Too many organizations have no idea what open-source…
-
71% of CISOs hit with third-party security incident this year
Tags: access, ai, application-security, attack, backdoor, breach, ceo, cisa, ciso, cloud, compliance, control, credentials, cyber, cybersecurity, data, defense, exploit, incident response, intelligence, malicious, malware, open-source, penetration-testing, phishing, programming, pypi, resilience, risk, risk-management, sbom, security-incident, service, software, startup, supply-chain, threat, toolSoftware supply chain threats: The software supply chain is heavily reliant on code developed by third-party developers, something only likely to increase with the advent of AI.Brian Fox, co-founder and CTO of open-source software security vendor Sonatype, says that “enormously complex” software supply chains pose a growing threat.”Too many organizations have no idea what open-source…
-
71% of CISOs hit with third-party security incident this year
Tags: access, ai, application-security, attack, backdoor, breach, ceo, cisa, ciso, cloud, compliance, control, credentials, cyber, cybersecurity, data, defense, exploit, incident response, intelligence, malicious, malware, open-source, penetration-testing, phishing, programming, pypi, resilience, risk, risk-management, sbom, security-incident, service, software, startup, supply-chain, threat, toolSoftware supply chain threats: The software supply chain is heavily reliant on code developed by third-party developers, something only likely to increase with the advent of AI.Brian Fox, co-founder and CTO of open-source software security vendor Sonatype, says that “enormously complex” software supply chains pose a growing threat.”Too many organizations have no idea what open-source…
-
Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack
A new supply chain attack on GitHub, dubbed ‘GhostAction,’ has compromised 3,325 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-steal-3-325-secrets-in-ghostaction-github-supply-chain-attack/
-
GhostAction campaign steals 3325 secrets in GitHub supply chain attack
Tags: ai, attack, control, credentials, data-breach, detection, exploit, github, malicious, network, pypi, risk, supply-chain, threatThreat contained within days: GitGuardian’s security team responded quickly after detection, and the FastUUID package was set to read-only by PyPI administrators within minutes. The malicious commit was reverted shortly afterward. GitGuardian notified maintainers of the affected repositories, successfully contacting 573 projects, while also alerting GitHub, npm, and PyPI security teams to monitor for abuse.Although…
-
GhostAction campaign steals 3325 secrets in GitHub supply chain attack
Tags: ai, attack, control, credentials, data-breach, detection, exploit, github, malicious, network, pypi, risk, supply-chain, threatThreat contained within days: GitGuardian’s security team responded quickly after detection, and the FastUUID package was set to read-only by PyPI administrators within minutes. The malicious commit was reverted shortly afterward. GitGuardian notified maintainers of the affected repositories, successfully contacting 573 projects, while also alerting GitHub, npm, and PyPI security teams to monitor for abuse.Although…