EvilProxy Commodifies Reverse-Proxy Tactic for Phishing, Bypassing 2FA
The phishing-as-a-service offering targets accounts from tech giants, and also has connections to PyPI phishing and the Twilio supply chain…
"JuiceLedger" has escalated a campaign to distribute its information stealer by now going after developers who published code on the…
A phishing campaign caught yesterday was seen targeting maintainers of Python packages published to the PyPI registry. Python packages 'exotel' and 'spam'…
A dozen malicious PyPI packages have been discovered installing malware that modifies the Discord client to become an information-stealing backdoor…
GitHub, the owner of the Node Package Manager (npm), proposes cryptographically linking source code and JavaScript packages in an effort…
The discovery adds to the growing list of recent incidents where threat actors have used public code repositories to distribute…
Python's most popular package manager is intent on securing the supply chain by requiring developers to enable two-factor authentication.
On Friday, the Python Package Index (PyPI), the repository of open source Python projects, announced plans to roll out two-factor authentication for…
Multiple malicious Python packages available on the PyPI repository were caught stealing sensitive information like AWS credentials and transmitting it…
The PyPI "pymafka" package is the latest example of growing attacker interest in abusing widely used open source software repositories.