Dark Reading

'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows

By targeting the automated workflows around repositories with targeted pull requests, attackers can potentially target ...
WeLiveSecurity

A pernicious potpourri of Python packages in PyPI

PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can appear ...
SiliconANGLE

Fortinet warns of malicious Python packages targeting credentials and user data

A new report out today from Fortinet Inc.’s FortiGuard Labs is warning of two newly discovered malicious Python packages that pose a high risk of credential theft, data exfiltration and unauthorized ...
Dark Reading

Malicious Python Repository Package Drops Cobalt Strike on Windows, macOS & Linux Systems

Public repositories of open source code are a critical part of the software supply chain that many organizations use to build applications. They are therefore an attractive target for adversaries ...
Infosecurity-magazine.com

Two Additional Malicious Python Libraries Found on PyPI Repository

Two more malicious Python packages have been discovered in the Python Package Index (PyPI) repository, days after security researchers from Check Point spotted 10 of them. The two additional packages ...
Bleeping Computer

PyPi python packages caught sending stolen AWS keys to unsecured sites

Multiple malicious Python packages available on the PyPI repository were caught stealing sensitive information like AWS credentials and transmitting it to publicly exposed endpoints accessible by ...
CSOonline

Attackers hide malicious code in Hugging Face AI model Pickle files

The popular Python Pickle serialization format, which is common for distributing AI models, offers ways for attackers to inject malicious code that will be executed on computers when loading models ...