Malicious PyPI package opens backdoors on Windows, Linux, and Macs
Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike…
‘Unique Attack Chain’ Drops Backdoor in New Phishing Campaign
A threat group combines the use of steganography, open source tools, and Python scripts to target organizations in France.
Hundreds of Open Source Components Could Undermine Security, Census Finds
The Linux Foundation and Harvard University create lists of the top 500 most popular open source projects, highlighting critical software…
New Application Security Toolkit Uncovers Dependency Confusion Attacks
The Dependency Combobulator is an open source Python-based toolkit that helps developers discover malicious software components that may have accidentally…
Attackers Use Cryptomining Malware to Target Organizations
Earlier this year in June, a security researcher from security firm Sonatype uncovered six malicious payloads in the official Python…