PyPI Warns Users of Fresh Phishing Campaign 2025-09-25 at 19:00 By Ionut Arghire Threat actors impersonating PyPI ask users to verify their email for security purposes, directing them to fake websites. The post PyPI Warns Users of Fresh Phishing Campaign appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React […]
React to this headline:
PyPI Warns Users of Fresh Phishing Campaign Read More »
Open source has a malware problem, and it’s getting worse 2025-07-10 at 08:27 By Help Net Security Sonatype has published its Q2 2025 Open Source Malware Index, identifying 16,279 malicious open source packages across major ecosystems such as npm and PyPI. This brings the total number of malware packages discovered by the company to 845,204.
React to this headline:
Open source has a malware problem, and it’s getting worse Read More »
Developers Targeted With Malware Disguised as DeepSeek Package 2025-02-04 at 14:03 By Eduard Kovacs Python developers looking to integrate DeepSeek into their projects were targeted with malicious packages delivered through PyPI. The post Developers Targeted With Malware Disguised as DeepSeek Package appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
React to this headline:
Developers Targeted With Malware Disguised as DeepSeek Package Read More »
DeepSeek’s popularity exploited to push malicious packages via PyPI 2025-02-03 at 15:33 By Zeljka Zorz Two malicious packages leveraging the DeepSeek name have been published to the Python Package Index (PyPI) package repository, and in the 30 minutes or so they were up, they have been downloaded 36 times. The malicious packages The attack started
React to this headline:
DeepSeek’s popularity exploited to push malicious packages via PyPI Read More »
Cryptocurrency Wallets Targeted via Python Packages Uploaded to PyPI 2024-10-02 at 15:46 By Ionut Arghire Multiple Python packages referencing dependencies containing cryptocurrency-stealing code were published to PyPI. The post Cryptocurrency Wallets Targeted via Python Packages Uploaded to PyPI appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React
React to this headline:
Cryptocurrency Wallets Targeted via Python Packages Uploaded to PyPI Read More »
Malware Upload Attack Hits PyPI Repository 2024-03-28 at 20:31 By Ryan Naraine Maintainers of the Python Package Index (PyPI) repository were forced to suspend new project creation and new user registration to mitigate a malware upload campaign. The post Malware Upload Attack Hits PyPI Repository appeared first on SecurityWeek. This article is an excerpt from
React to this headline:
Malware Upload Attack Hits PyPI Repository Read More »
Securing software repositories leads to better OSS security 2024-03-04 at 14:03 By Zeljka Zorz Malicious software packages are found on public software repositories such as GitHub, PyPI and the npm registry seemingly every day. Attackers use a number of tricks to fool developers or systems into downloading them, or they simply compromise the package developer’s
React to this headline:
Securing software repositories leads to better OSS security Read More »
PyPI Packages Found to Expose Thousands of Secrets 14/11/2023 at 15:16 By Ionut Arghire GitGuardian discovered roughly 4,000 secrets in nearly 3,000 PyPI packages, including Azure, AWS, and GitHub keys. The post PyPI Packages Found to Expose Thousands of Secrets appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original
React to this headline:
PyPI Packages Found to Expose Thousands of Secrets Read More »
Over 45 thousand Users Fell Victim to Malicious PyPI Packages 09/06/2023 at 12:31 By cybleinc Through the analysis of more than 160 malicious Python packages, CRIL reveals insights into the threat landscape associated with Python packages. The post Over 45 thousand Users Fell Victim to Malicious PyPI Packages appeared first on Cyble. This article is
React to this headline:
Over 45 thousand Users Fell Victim to Malicious PyPI Packages Read More »
PyPI Enforcing 2FA for All Project Maintainers to Boost Security 30/05/2023 at 17:06 By Ionut Arghire PyPI will require all accounts that maintain a project to enable two-factor authentication (2FA) by the end of 2023. The post PyPI Enforcing 2FA for All Project Maintainers to Boost Security appeared first on SecurityWeek. This article is an
React to this headline:
PyPI Enforcing 2FA for All Project Maintainers to Boost Security Read More »
New KEKW Malware Variant Identified in PyPI Package Distribution 07/05/2023 at 18:24 By cybleinc CRIL analyzes a new KEKW Malware variant with stealer & Clipper functionalities being distributed via PyPI Packages. The post New KEKW Malware Variant Identified in PyPI Package Distribution appeared first on Cyble. This article is an excerpt from Cyble View Original
React to this headline:
New KEKW Malware Variant Identified in PyPI Package Distribution Read More »