CySecurity News - Latest Information Security and Hacking Incidents: PyPI

Labels



 Trendy Right Now

Showing posts with label PyPI. Show all posts

Latest PyPi Malware Steals Ethereum Private Keys, Developers Targeted



 

python

Crypto Wallets Developers Ethereum malware PyPI python

Latest PyPi Malware Steals Ethereum Private Keys, Developers Targeted

Researchers at Socket have exposed a malicious PyPi (Python Package Index package), set-utils, that steals Ethereum private keys by abusing a “commonly used account creation functions.” Masked...

PyPI's New Archival Feature Addresses a Major Security Flaw



 

Supply Chain

Archive Cyber Security Open Source PyPI Supply Chain

PyPI's New Archival Feature Addresses a Major Security Flaw

The Python Package Index (PyPI) has informed users that no modifications are expected with the launch of "Project Archival," a new method that enables publishers to archive...

PyPI Hosts Malicious Tools Targeting Crypto Wallets



 

Technology

Checkmarx Crypto Crypto Wallets cryptocurrency CyberCrime cybercriminals Cyberthreats PyPI Technology

PyPI Hosts Malicious Tools Targeting Crypto Wallets

During an investigation conducted recently, it was discovered that several malicious packages masquerading as services for recovering cryptocurrency wallets were found in...

22,000 PyPI Packages Affected by Revival Hijack Supply-Chain Attack



 

Supply-chain

Cyber Attacks Cyber Hijack Cyber websites CyberCrime Cyberhackers JFrog Security malicious PyPI python Software Supply-chain

22,000 PyPI Packages Affected by Revival Hijack Supply-Chain Attack

It has been discovered that hackers can distribute malicious payloads easily and efficiently through the package repository on the PyPI website by using a simple and troublesome...

PyPI Halts New User Registrations to Combat Malware Campaign



 

suspension

combat malware Malware Campaign new user registration PyPI suspension

PyPI Halts New User Registrations to Combat Malware Campaign

The Python Package Index (PyPI) has implemented a temporary halt on user registrations and the creation of new projects due to an ongoing malware scheme. PyPI serves as...

PyPI Enforces the Usage of Two-factor Authentication for All Software Publishes



 

Safety

Backdoor Cyber Security Data Safety data security PyPI python Safety

PyPI Enforces the Usage of Two-factor Authentication for All Software Publishes

The Python Package Index (PyPI) has stated that by the end of the year, every account that maintains a project on the system will be compelled to enable two-factor authentication...

Spyware Offered to Cyberattackers via PyPI Python Repository



 

Spyware

Data Safety malware PyPI python Safety Security Spyware

Spyware Offered to Cyberattackers via PyPI Python Repository

Researchers spotted malware peddlers openly selling an info-stealer on the Python Package Index (PyPI) — the official, public repository for the Python programming language...



 

User Privacy

AWS Keys AWS S3 GitHub malware Phishing Attack PyPI Secret Keys User Privacy

PyPl Hosting Malware and AWS Keys

The Python package repository PyPI was discovered to be hosting malware and AWS keys. Tom Forbes, a software developer, created a Rust-based application that searched all...



 

Software Supply Chain

Data Privacy Discord malware PowerRAT PyPI Safety Security Server Software Supply Chain

The PoweRAT Malware Attacks PyPI Users

The software supply chain security company Phylum has discovered a malicious assault using the PoweRAT backdoor and an information thief that targets users of the Python...

PyTorch Reveals Harmful "Dependency" Strain Compromise over Holidays



 

Torchitron

Cyber Security PyPI PyTorch Torchitron

PyTorch Reveals Harmful "Dependency" Strain Compromise over Holidays

What is Torchitron?PyTorch has found a harmful dependency with the same name as the framework's 'torchtriton' archive. This resulted in an executable compromise through the dependency...

JuiceLedger Attacker Linked to Phishing Attacks Targeting PyPI Users



 

User Security

Cyber Attacks Phishing Attacks PyPI Supply Chain Attack User Security

JuiceLedger Attacker Linked to Phishing Attacks Targeting PyPI Users

Threat analysts at SentinelOne and Checkmarx have unearthed the hacker behind the recently launched phishing attacks targeting Python Package Index (PyPI) users. Earlier...

Python Libraries Hacked AWS Data and Keys



 

Windows Defender

AWS Data Breach Firewall NPM Package Phishing Attacks PyPI Windows Defender

Python Libraries Hacked AWS Data and Keys

Sonatype researchers have found malicious Python packages that post your AWS credentials and user characteristics to a publicly accessible endpoint rather than just exploiting...

Info Stealer Identified in a PyPI Package



 

Typo Squatting

Cyber Security Info Stealer Password Stealer PyPI Typo Squatting

Info Stealer Identified in a PyPI Package

GitHub user duxinglin1 has identified three PyPI packages 'keep,' 'pyanxdns,' and 'api-res-py' using a malicious dependency, 'request,' Last month, duxinglin1 uncovered...

11 Malicious Python Packages Uncovered by Researchers



 

Python Package

Cyber Security Discord Malicious Codes PyPI Python Package

11 Malicious Python Packages Uncovered by Researchers

Researchers have found 11 malicious Python packages which have been installed more than 41,000 times from the Python Package Index (PyPI) repository that might be used to...

‘mitmproxy2’ Removed by PyPI due to Code Execution Issues



 

Python Package

code execution Cyber Security PyPI Python Package

‘mitmproxy2’ Removed by PyPI due to Code Execution Issues

A Python package called 'mitmproxy2' was pulled off from the PyPI repository because it was a replica of the official "mitmproxy" library, though with an "artificially introduced"...

Malevolent PyPI Packages Detected Filching Developer Data



 

python

Cyber Security Developer Data Malicious actor PyPI python

Malevolent PyPI Packages Detected Filching Developer Data

Repositories of software packages have become a frequent target for supply chain attacks. Reports concerning malware attacks on prominent repository systems like npm, PyPI,...

Python Package Index Repository Detected With Multiple Malicious Packages



 

PyPI

Cyber Security malacious Packages PyPI

Python Package Index Repository Detected With Multiple Malicious Packages

In the PyPI repository for Python projects that transformed workstations developers into crypto mining machines, many malicious packaging were captured this week. All...



 

spammers

Cyber Attacks GitLab PyPI shady websites spammers

PyPI and GitLab Witness Spam Attacks

The GitLab, a source code hosting website, and the Python Package Index (PyPI) portal both are flooded with advertisements for shady websites and assorted services by the...

Page 1 of 11

Search This Blog

Sections

Popular Posts

Blog Archive

Labels

About Me

Showing result(s) for

Popular Posts

Pages

Menu Item