This Week in Security: Retbleed, Post-Quantum, Python-atomicwrites, and the Mysterious Cuteboi

Yet another entry in the “why we can’t have nice things” category, Retbleed was announced this week, as yet another speculative execution vulnerability. This one is mitigated in hardware for …

Malicious Python packages employ advanced detection evasion techniques

JFrog researchers have discovered 11 malicious Python packages on PyPI, the official third-party package repository for Python, which have been collectively downloaded over 41,000 times. This is not the first time that malicious packages have been succ…

6 official Python repositories plagued with cryptomining malware

By Deeba Ahmed
Six malicious typosquatting packages in the official Python programming language’s PyPI repository are found laced with cryptomining malware.
This is a post from HackRead.com.

Beyond npm Audit to Traverse an Increasingly Complex Dependency Tree

If you’ve been immersed in the Node.js/JavaScript community for a while, or even if you are just getting started, you are likely using npm audit to scan package dependencies in your projects. It’s easy to stumble upon as part of the ubiquitous npm,…

Proxy a Conda Repository Using Nexus Repo

We’ve supported Python developers for a number of years now. With the most recent Nexus Repository release, we are extending our reach with the official coverage of Conda in Nexus Repository Manager. Our teams have been listening to the Pyth…

PyPi ‘Cheese Shop’ Malware Illustrates Software Supply Chain Risk Vector

Recent malware installed in PyPI underscores the need for code verification at the code repository level to defend the software supply chain.

Malicious Python packages found on PyPI

Researchers have uncovered another batch of malicious Python libraries hosted on the Python Package Index (PyPI). PyPI is the official third-party software repository for Python and a great source of open source libraries and modules…