Malicious PyPi package steals Discord auth tokens from devs
A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a…
Ultralytics AI model hijacked to infect thousands with cryptominer
The popular Ultralytics YOLO11 AI model was compromised in a supply chain attack to deploy cryptominers on devices running versions…
Faux ChatGPT, Claude API Packages Deliver JarkaStealer
Attackers are betting that the hype around generative AI (GenAI) is attracting less technical, less cautious developers who might be…
Malicious PyPI package with 37,000 downloads steals AWS keys
A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web…
The Unsolvable Problem: XZ and Modern Infrastructure
The ongoing prevalence (and rise) of software supply chain attacks is enough to keep any software developer or security analyst…
Citrine Sleet Poisons PyPI Packages With Mac & Linux Malware
A North Korean advanced persistent threat (APT) actor (aka Gleaming Pisces) tried to sneak simple backdoors into public software packages.
Ransomware Gangs Pummel Southeast Asia
Successful ransomware attacks against organizations in Asia continue at peak levels in 2024 following a wave of high-profile data breaches…
PyPi package backdoors Macs using the Sliver pen-testing suite
A new package mimicked the popular 'requests' library on the Python Package Index (PyPI) to target macOS devices with the Sliver…
GitGuardian Researchers Find Thousands of Leaked Secrets in PyPI (Python Package Index) Packages
By Dwayne McDaniel, GitGuardian Developer and Security Advocate, GitGuardian The modern world of DevOps means relying on our code connecting…
PyPI suspends new user registration to block malware campaign
The Python Package Index (PyPI) has temporarily suspended user registration and the creation of new projects to deal with an…