A threat actor has uploaded three malicious packages to the PyPI (Python Package Index) repository. The packages reportedly drop info-stealing malware on developers’ systems. The threat is significant ...
Malicious PyPI package soopsocks downloaded 2,653 times before takedown, exfiltrating Windows data to Discord.
The scanners tasked with weeding out malicious contributions to packages distributed via the popular open source code repository Python Package Index (PyPI) create a significant number of false alerts ...
The Python Package Index (PyPI) registry has removed three malicious Python packages aimed at exfiltrating environment variables and dropping trojans on the infected machines. These malicious packages ...
If you recently got an email asking you to verify your credentials to a PyPI site, better change that password ...
Cybersecurity researchers have found harmful software in the official Python Package Index (PyPI) and npm package repositories, putting software supply chains at risk. The packages, called termncolor ...
The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets. PyPI is the official repository for ...
Check Point Research has detected a malicious open source code package that uses steganography to hide malicious code inside image files. The malicious package was available on PyPI, a package index ...
PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can appear ...
A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code. The 12 packages have been discovered in two separate ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback