News

The Python Package Index (PyPI) registry has removed three malicious Python packages aimed at exfiltrating environment variables and dropping trojans on the infected machines. These malicious ...
The malicious package downloads an image from the Web, then uses a steganography module to extract and execute the code to download malware. Fahmida Y. Rashid, Managing Editor, Features, Dark Reading ...
A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers.
In what's the latest instance of a software supply chain attack, unknown threat actors managed to compromise Toptal's GitHub ...
The packages contained an __init__.py file that harboured malicious code, designed to search for files with the .py, .php, .zip, .png, .jpg and .jpeg extensions in the root and DCIM folders, and ...
Flooding public package repositories with malicious packages is not entirely new. Last year researchers detected a group of 186 packages from the same account on the JavaScript npm repository that ...