Tag: pypi
-
PyPI Revival Hijack Puts Thousands of Applications at Risk
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/pypi-revival-hijack/
-
New Supply Chain Attack "Revival Hijack" Risks Massive PyPI Takeovers
JFrog’s cybersecurity researchers have identified a new PyPI attack technique called Revival Hijack, which exploits package deletion policies. Over 22… First seen on hackread.com Jump to article: hackread.com/supply-chain-attack-revival-hijack-pypi-takeovers/
-
Widespread PyPI package takeovers likely with new supply chain attack technique
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/widespread-pypi-package-takeovers-likely-with-new-supply-chain-attack-technique
-
Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers
A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to infiltrate down… First seen on thehackernews.com Jump to article: thehackernews.com/2024/09/hackers-hijack-22000-removed-pypi.html
-
Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys
Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that masquerades as a library from the… First seen on thehackernews.com Jump to article: thehackernews.com/2024/08/rogue-pypi-library-solana-users-steals.html
-
Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that targets Apple macOS systems with the … First seen on thehackernews.com Jump to article: thehackernews.com/2024/07/malicious-pypi-package-targets-macos-to.html
-
Hackers Abused StackExchange Platform To Deliver Malicious Python Package
Attackers uploaded malicious Python packages targeting Raydium and Solana users to PyPI, leveraging a StackExchange post to distribute the malware. Th… First seen on gbhackers.com Jump to article: gbhackers.com/stackexchange-malware-attack/
-
New PyPI Package Zlibxjson Steals Discord, Browser Data
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/pypi-package-steals-discord/
-
Targeted PyPi Package Steals Google Cloud Credentials from macOS Devs
The campaign is laser-targeted, bucking the trend of spray-and-pray malicious open source packages turning up in code repositories seemingly every oth… First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/targeted-pypi-package-steals-google-cloud-credentials-macos-devs
-
Attackers exploit StackExchange to load malicious packages to PyPI
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/attackers-exploit-stackexchange-to-load-malicious-packages-to-pypi
-
Infostealing PyPI packages spread through StackExchange
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/infostealing-pypi-packages-spread-through-stackexchange
-
StackExchange abused to spread malicious PyPi packages as answers
Threat actors uploaded malicious Python packages to the PyPI repository and promoted them through the StackExchange online question and answer platfor… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/stackexchange-abused-to-spread-malicious-pypi-packages-as-answers/
-
Google Cloud credentials in macOS targeted by malicious PyPI package
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/google-cloud-credentials-in-macos-targeted-by-malicious-pypi-package
-
Beware Of Malicious Python Packages That Steal Users Sensitive Data
Malicious Python packages uploaded by >>dsfsdfds
-
PyPI Packages Leak User Data to Telegram Bot, Iraqi Cybercriminals Suspected
Experts at Checkmarx have uncovered PyPI packages containing a malicious script in the >>init.py
-
Iraqi Hackers Exploit PyPI to Infiltrate Systems Through Python Packages
First seen on hackread.com Jump to article: hackread.com/iraqi-hackers-exploit-pypi-infiltrate-system-python-packages/
-
Hackers Target Python Developers with Fake Crytic-Compilers Package on PyPI
Cybersecurity researchers have discovered a malicious Python package uploaded to the Python Package Index (PyPI) repository that’s designed to deliver… First seen on thehackernews.com Jump to article: thehackernews.com/2024/06/hackers-target-python-developers-with.html
-
300+ Times Downloaded Package from PyPI Contains Wiper Components
ReversingLabs researchers recently uncovered a malicious open-source package named xFileSyncerx on the Python Package Index (PyPI). This package, whic… First seen on gbhackers.com Jump to article: gbhackers.com/300-times-downloaded-pypi-wiper/
-
Stack Overflow exploited to distribute cryptostealer-spreading PyPI package
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/stack-overflow-exploited-to-distribute-cryptostealer-spreading-pypi-package
-
Cybercriminals pose as helpful Stack Overflow users to push malware
Cybercriminals are abusing Stack Overflow in an interesting approach to spreading malware, answering users’ questions by promoting a malicious PyPi pa… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cybercriminals-pose-as-helpful-stack-overflow-users-to-push-malware/
-
Malicious PyPI Package ‘Pytoileur’ Targets Windows and Leverages Stack Overflow for Distribution
Another day, another PyPI malware package. But this one has a new way to (try to) sneak into your computer. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/05/malicious-pypi-package-pytoileur-targets-windows-and-leverages-stack-overflow-for-distribution/
-
Malicious PyPI NPM Packages Attacking MacOS Users
Cybersecurity researchers have identified a series of malicious software packages targeting MacOS users. These packages, found on the Python Package I… First seen on gbhackers.com Jump to article: gbhackers.com/malicious-pypi-npm-packages/
-
Malicious PyPI ‘requests’ fork hides backdoor in PNG file
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/malicious-pypi-requests-fork-hides-backdoor-in-png-file
-
Malicious PyPi Requests Fork Hides Backdoor In PNG File
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/35880/Malicious-PyPi-Requests-Fork-Hides-Backdoor-In-PNG-File.html
-
PyPi package backdoors Macs using the Sliver pen-testing suite
A new package mimicked the popular ‘requests’ library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framewor… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/pypi-package-backdoors-macs-using-the-sliver-pen-testing-suite/
-
Typosquatting campaign, malicious packages slam PyPi
Threat actors used automated typosquatting attacks to lead victims to malicious Python packages in yet another campaign targeting the open-source soft… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366577455/Typosquatting-campaign-malicious-packages-slam-PyPi
-
Malicious PyPI Package Attacking Discord Users To Steal Credentials
Hackers often target PyPI packages to exploit vulnerabilities and inject malicious code into widely used Python libraries. Recently, cybersecurity res… First seen on gbhackers.com Jump to article: gbhackers.com/malicious-pypi-package-discord-credentials/
-
Python’s PyPI Reveals Its Secrets
GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and… First seen on thehackernews.com Jump to article: thehackernews.com/2024/04/blog-post.html
-
PyPI halted new users and projects while it fended off supply-chain attack
First seen on arstechnica.com Jump to article: arstechnica.com/

