资讯

来自MSN9月

AWS keys stolen by malicious PyPI package with thousands of downloads - MSN

Researchers discover three-year old malicious package in PyPI The package is a typosquatted version of Fabric, with 37,000 downloads Its goal is to steal AWS login credentials from the developers ...
Bleeping Computer3 年

PyPi python packages caught sending stolen AWS keys to unsecured sites

Multiple malicious Python packages available on the PyPI repository were caught stealing sensitive information like AWS credentials and transmitting it to publicly exposed endpoints accessible by ...