PyPI’s 2FA Requirements Don’t Go Far Enough, Researchers Say
The Python Package Index will require developers to better secure their accounts as cyberattacks ramp up, but protecting the software…
PyPI announces mandatory use of 2FA for all software publishers
The Python Package Index (PyPI) has announced that it will require every account that manages a project on the platform…
PyPI temporarily pauses new users, projects amid high volume of malware
PyPI, the official third-party registry of open source Python packages has temporarily suspended new users from signing up, and new…
.NET Devs Targeted With Malicious NuGet Packages
In a possible first for the NuGet repository, more than a dozen components in the .NET code repository run a…
Devs targeted by W4SP Stealer malware in malicious PyPi packages
Five malicious packages were found on the Python Package Index (PyPI), stealing passwords, Discord authentication cookies, and cryptocurrency wallets from…
How Can Disrupting DNS Communications Thwart a Malware Attack?
Malware eventually has to exfiltrate the data it accessed. By watching DNS traffic for suspicious activity, organizations can halt the…
Malicious ‘Lolip0p’ PyPi packages install info-stealing malware
A threat actor has uploaded to the PyPI (Python Package Index) repository three malicious packages that carry code to drop info-stealing…
Malicious PyPi packages create CloudFlare Tunnels to bypass firewalls
Six malicious packages on PyPI, the Python Package Index, were found installing information-stealing and RAT (remote access trojan) malware while…
Cyberattackers Torch Python Machine Learning Project
The popular PyTorch Python project for data scientists and machine learning developers has become the latest open source project to…
PyTorch discloses malicious dependency chain compromise over holidays
PyTorch has identified a malicious dependency with the same name as the framework's 'torchtriton' library. This has led to a successful compromise via the…