Bleeping Computer

Malicious PyPI package with 37,000 downloads steals AWS keys

A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers. According to ...
Bleeping Computer

PyPI now blocks domain resurrection attacks used for hijacking accounts

The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets. PyPI is the official repository for ...
Infosecurity-magazine.com

North Korean Hackers Deploy Python-Based Trojan Targeting Crypto

A new Python-based remote access Trojan (RAT) known as PylangGhost is being deployed in cyber campaigns attributed to the North Korean-aligned group Famous Chollima. According to research from Cisco ...
TechRadar

Python devs targeted with dangerous phishing attacks - here's how to stay safe

Developers who published projects on PyPI with their email in package metadata are being targeted They are asked to "verify" their email address with a fake PyPI platform The "verification" process ...