News
PyPI is arguably the world’s most popular Python package repository, hosting more than 200,000 packages that developers can use to speed up their development process.
Upon further analysis, ReversingLabs found that the bogus 'SentinelOne' package contains "api.py" files with malicious code that steals and uploads data to the IP address (54.254.189.27), which ...
Seven malicious PyPI packages were found using Gmail's SMTP servers and WebSockets for data exfiltration and remote command execution. The packages were discovered by Socket's threat research team ...
A dangerous package has been found on the PyPI repository. Named zlibxjson version 8.2, the malicious package was flagged by Fortinet’s AI-driven OSS malware detection system on July 3 2024, shortly ...
Data exfiltration was a common goal, says Sonatype. Security researchers discovered over 400 malicious packages in the popular open source registry npm in December, and dozens more in PyPI. Sonatype ...