Ultralytics AI Library with 60M Downloads Compromised for Cryptomining
Another day, another supply chain attack!
The malicious Python package “Fabrice” on PyPI mimics the “Fabric” library to steal AWS credentials, affecting thousands. Learn how… Continue reading Fabrice Malware on PyPI Has Been Stealing AWS Credentials for 3 Years
Multiple Python packages referencing dependencies containing cryptocurrency-stealing code were published to PyPI.
The post Cryptocurrency Wallets Targeted via Python Packages Uploaded to PyPI appeared first on SecurityWeek.
Checkmarx researchers discovered PyPI malware posing as crypto wallet tools. These malicious packages stole private keys and recovery… Continue reading New PyPI Malware Poses as Crypto Wallet Tools to Steal Private Keys
JFrog’s cybersecurity researchers have identified a new PyPI attack technique called “Revival Hijack,” which exploits package deletion policies. Over 22,000 packages are at risk, potentially impacting thousands of users. Stay informed! Continue reading New Supply Chain Attack “Revival Hijack” Risks Massive PyPI Takeovers
Python packages are being used to steal data from developers and companies. Learn about the extensive cybercriminal operation… Continue reading Iraqi Hackers Exploit PyPI to Infiltrate Systems Through Python Packages
Maintainers of the Python Package Index (PyPI) repository were forced to suspend new project creation and new user registration to mitigate a malware upload campaign.
The post Malware Upload Attack Hits PyPI Repository appeared first on SecurityWeek.
By Waqas
Are you a Python developer? Here’s what you need to know!
This is a post from HackRead.com. Read the original post: PyPI Suspends New Projects and Users Due to Malicious Packages
Malicious software packages are found on public software repositories such as GitHub, PyPI and the npm registry seemingly every day. Attackers use a number of tricks to fool developers or systems into downloading them, or they simply compromise the pac… Continue reading Securing software repositories leads to better OSS security
By Deeba Ahmed
FortiGuard Labs’ latest research report reveals a concerning trend: threat actors are leveraging the Python Package Index (PyPI),…
This is a post from HackRead.com. Read the original post: Crypto Stealing PyPI Malware Hits Both Windows and Linux Users