News

Bleeping Computer6y

Python Package Installation Can Trigger Malicious Code

Although there is nothing special about code executing on a machine, when this code is executed is a significant detail from a security standpoint.
Threat Post3y

Malicious PyPI Code Packages Rack Up Thousands of Downloads

The Python code repository was infiltrated by malware bent on data exfiltration from developer apps and more. Three malicious packages hosted in the Python Package Index (PyPI) code repository ...
ZDNet6y

Twelve malicious Python libraries found and removed from PyPI

A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code.
The Hacker News12d

Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks

PyPI malware termncolor and colorinal downloaded 884 times exploit DLL side-loading, persistence, and C2 communication.
Ars Technica2y

Latest attack on PyPI users shows crooks are only getting better

Latest attack on PyPI users shows crooks are only getting better The code found in the malicious packages closely resembled legit offerings.