PyPI – Page 2 – WindowsTechs.com

PyPI Packages Found to Expose Thousands of Secrets

Posted on November 14, 2023 by Ionut Arghire

GitGuardian discovered roughly 4,000 secrets in nearly 3,000 PyPI packages, including Azure, AWS, and GitHub keys.
The post PyPI Packages Found to Expose Thousands of Secrets appeared first on SecurityWeek.
Continue reading PyPI Packages Found to Expose Thousands of Secrets→

FortiGuard Labs Uncovers Series of Malicious NPM Packages Stealing Data

Posted on October 2, 2023 by Waqas

By Waqas
There are over 17 million developers worldwide who use NPM packages, making it a lucrative target for cybercriminals.
This is a post from HackRead.com Read the original post: FortiGuard Labs Uncovers Series of Malicious NPM Packages Stealing D… Continue reading FortiGuard Labs Uncovers Series of Malicious NPM Packages Stealing Data→

PyPI Enforcing 2FA for All Project Maintainers to Boost Security

Posted on May 30, 2023 by Ionut Arghire

PyPI will require all accounts that maintain a project to enable two-factor authentication (2FA) by the end of 2023.
The post PyPI Enforcing 2FA for All Project Maintainers to Boost Security appeared first on SecurityWeek.
Continue reading PyPI Enforcing 2FA for All Project Maintainers to Boost Security→

S3 Ep136: Navigating a manic malware maelstrom

Posted on May 25, 2023 by Paul Ducklin

Latest episode – listen now. Full transcript inside… Continue reading S3 Ep136: Navigating a manic malware maelstrom→

PyPI open-source code repository deals with manic malware maelstrom

Posted on May 23, 2023 by Paul Ducklin

Controlled outage used to keep malware marauders from gumming up the works. Learn what you can do to help in future… Continue reading PyPI open-source code repository deals with manic malware maelstrom→

Malicious PyPI Packages Drop Malware in New Supply Chain Attack

Posted on January 19, 2023 by Deeba Ahmed

By Deeba Ahmed
These packages were uploaded between the 7th and 12th of January 2023 with the names “colorslib,” “httpslib,” and “libhttps.”
This is a post from HackRead.com Read the original post: Malicious PyPI Packages Drop Malware in New Supply Cha… Continue reading Malicious PyPI Packages Drop Malware in New Supply Chain Attack→

OpenSSF Launches Malicious Packages Repository

Posted on November 23, 2022 by Habiba Rashid

By Waqas
The launch of the Malicious Packages repository comes at a time when cyberattacks, leveraging malicious open source packages, are on the rise.
This is a post from HackRead.com Read the original post: OpenSSF Launches Malicious Packages Reposit… Continue reading OpenSSF Launches Malicious Packages Repository→

GitHub Abused to Distribute Malicious Packages on PyPI in Image Files

Posted on November 10, 2022 by Waqas

By Waqas
Threat actors are using steganography to hide malicious code in images.
This is a post from HackRead.com Read the original post: GitHub Abused to Distribute Malicious Packages on PyPI in Image Files
Continue reading GitHub Abused to Distribute Malicious Packages on PyPI in Image Files→

Phishing PyPI users: Attackers compromise legitimate projects to push malware

Posted on August 25, 2022 by Zeljka Zorz

PyPI, the official third-party software repository for Python packages, is warning about a phishing campaign targeting its users. “We have additionally determined that some maintainers of legitimate projects have been compromised, and malware pub… Continue reading Phishing PyPI users: Attackers compromise legitimate projects to push malware→

Malicious PyPI packages drop ransomware, fileless malware

Posted on August 12, 2022 by Help Net Security

In this Help Net Security video, Ax Sharma, Senior Security Researcher at Sonatype, discusses newly found PyPI packages that pack ransomware, and another package that appears to be safe but silently drops fileless malware to mine cryptocurrency (Monero… Continue reading Malicious PyPI packages drop ransomware, fileless malware→