GitHub

Allow Whitelisting of Powershell Scripts automatically run by NuGet

An automated malicious attack was recently carried out in npm. To my understanding, such an attack is possible with NuGet using scripts like init.ps1. A cursory look at my local nuget packages cache ...
Bleeping Computer

PyPI invalidates tokens stolen in GhostAction supply chain attack

The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the threat actors didn't abuse them to publish ...
The Hacker News

AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns

A new artificial intelligence (AI)-powered penetration testing tool linked to a China-based company has attracted nearly 11,000 downloads on the Python Package Index (PyPI) repository, raising ...