PyPI mandates 2FA for critical projects, developer pushes back
On Friday, the Python Package Index (PyPI), the repository of open source Python projects, announced plans to roll out two-factor authentication for…
Multiple malicious Python packages available on the PyPI repository were caught stealing sensitive information like AWS credentials and transmitting it…
The PyPI "pymafka" package is the latest example of growing attacker interest in abusing widely used open source software repositories.
Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike…
A threat group combines the use of steganography, open source tools, and Python scripts to target organizations in France.
The Linux Foundation and Harvard University create lists of the top 500 most popular open source projects, highlighting critical software…
The Dependency Combobulator is an open source Python-based toolkit that helps developers discover malicious software components that may have accidentally…
Earlier this year in June, a security researcher from security firm Sonatype uncovered six malicious payloads in the official Python…