TikTok ‘Invisible Body’ challenge exploited to push malware
Hackers are capitalizing on a trending TikTok challenge named 'Invisible Challenge' to install malware on thousands of devices and steal…
W4SP Stealer Stings Python Developers in Supply Chain Attack
Threat actors continue to push malicious Python packages to the popular PyPI service, striking with typosquatting, authentic sounding file names,…
With the Software Supply Chain, You Can’t Secure What You Don’t Measure
Reports to the National Vulnerability Database jumped in 2022, but we should pay just as much attention to the flaws…
EvilProxy Commodifies Reverse-Proxy Tactic for Phishing, Bypassing 2FA
The phishing-as-a-service offering targets accounts from tech giants, and also has connections to PyPI phishing and the Twilio supply chain…
Threat Actor Phishing PyPI Users Identified
"JuiceLedger" has escalated a campaign to distribute its information stealer by now going after developers who published code on the…
PyPI packages hijacked after developers fall for phishing emails
A phishing campaign caught yesterday was seen targeting maintainers of Python packages published to the PyPI registry. Python packages 'exotel' and 'spam'…
Malicious PyPi packages turn Discord into password-stealing malware
A dozen malicious PyPi packages have been discovered installing malware that modifies the Discord client to become an information-sealing backdoor…
Software Supply Chain Chalks Up a Security Win With New Crypto Effort
GitHub, the owner of the Node Package Manager (npm), proposes cryptographically linking source code and JavaScript packages in an effort…
10 Malicious Code Packages Slither into PyPI Registry
The discovery adds to the growing list of recent incidents where threat actors have used public code repositories to distribute…
PyPI Mandates 2FA, Plans Google Titan Key Giveaway
Python's most popular package manager is intent on securing the supply chain by requiring developers to enable two-factor authentication.