Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks 2026-06-09 at 15:21 By Ionut Arghire The most recent variants of the self-propagating attacks are named Miasma and Hades. The post Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks appeared first on SecurityWeek. This article is an excerpt from […]
Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks Read More »
Telnyx Targeted in Growing TeamPCP Supply Chain Attack 2026-03-30 at 14:26 By Ionut Arghire Two malicious versions of the popular SDK were uploaded to the PyPI registry, targeting Windows, macOS, and Linux. The post Telnyx Targeted in Growing TeamPCP Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original
Telnyx Targeted in Growing TeamPCP Supply Chain Attack Read More »
TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware 2026-03-27 at 15:46 By Zeljka Zorz TeamPCP continues is supply chain compromise rampage, with telnyx on PyPI being the latest maliciously modified package. What happened? Telnyx is a widely used software development kit (SDK) for the Telnyx AI Voice Agent service. According to Endor Labs researchers,
TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware Read More »
LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks 2026-03-25 at 14:01 By Zeljka Zorz A slew of supply chain attacks against popular open source tools and packages appears to have been orchestrated by TeamPCP, a cybercriminal group that rose to prominence in late 2025. The latest victim of the group is BerryAI’s popular
LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks Read More »
From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI 2026-03-25 at 14:00 By Ionut Arghire The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$. The post From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI appeared
From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI Read More »
PyPI Warns Users of Fresh Phishing Campaign 2025-09-25 at 19:00 By Ionut Arghire Threat actors impersonating PyPI ask users to verify their email for security purposes, directing them to fake websites. The post PyPI Warns Users of Fresh Phishing Campaign appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
PyPI Warns Users of Fresh Phishing Campaign Read More »
Open source has a malware problem, and it’s getting worse 2025-07-10 at 08:27 By Help Net Security Sonatype has published its Q2 2025 Open Source Malware Index, identifying 16,279 malicious open source packages across major ecosystems such as npm and PyPI. This brings the total number of malware packages discovered by the company to 845,204.
Open source has a malware problem, and it’s getting worse Read More »
Developers Targeted With Malware Disguised as DeepSeek Package 2025-02-04 at 14:03 By Eduard Kovacs Python developers looking to integrate DeepSeek into their projects were targeted with malicious packages delivered through PyPI. The post Developers Targeted With Malware Disguised as DeepSeek Package appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Developers Targeted With Malware Disguised as DeepSeek Package Read More »
DeepSeek’s popularity exploited to push malicious packages via PyPI 2025-02-03 at 15:33 By Zeljka Zorz Two malicious packages leveraging the DeepSeek name have been published to the Python Package Index (PyPI) package repository, and in the 30 minutes or so they were up, they have been downloaded 36 times. The malicious packages The attack started
DeepSeek’s popularity exploited to push malicious packages via PyPI Read More »
Cryptocurrency Wallets Targeted via Python Packages Uploaded to PyPI 2024-10-02 at 15:46 By Ionut Arghire Multiple Python packages referencing dependencies containing cryptocurrency-stealing code were published to PyPI. The post Cryptocurrency Wallets Targeted via Python Packages Uploaded to PyPI appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source
Cryptocurrency Wallets Targeted via Python Packages Uploaded to PyPI Read More »
Malware Upload Attack Hits PyPI Repository 2024-03-28 at 20:31 By Ryan Naraine Maintainers of the Python Package Index (PyPI) repository were forced to suspend new project creation and new user registration to mitigate a malware upload campaign. The post Malware Upload Attack Hits PyPI Repository appeared first on SecurityWeek. This article is an excerpt from
Malware Upload Attack Hits PyPI Repository Read More »
Securing software repositories leads to better OSS security 2024-03-04 at 14:03 By Zeljka Zorz Malicious software packages are found on public software repositories such as GitHub, PyPI and the npm registry seemingly every day. Attackers use a number of tricks to fool developers or systems into downloading them, or they simply compromise the package developer’s
Securing software repositories leads to better OSS security Read More »
PyPI Packages Found to Expose Thousands of Secrets 14/11/2023 at 15:16 By Ionut Arghire GitGuardian discovered roughly 4,000 secrets in nearly 3,000 PyPI packages, including Azure, AWS, and GitHub keys. The post PyPI Packages Found to Expose Thousands of Secrets appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original
PyPI Packages Found to Expose Thousands of Secrets Read More »
Over 45 thousand Users Fell Victim to Malicious PyPI Packages 09/06/2023 at 12:31 By cybleinc Through the analysis of more than 160 malicious Python packages, CRIL reveals insights into the threat landscape associated with Python packages. The post Over 45 thousand Users Fell Victim to Malicious PyPI Packages appeared first on Cyble. This article is
Over 45 thousand Users Fell Victim to Malicious PyPI Packages Read More »
PyPI Enforcing 2FA for All Project Maintainers to Boost Security 30/05/2023 at 17:06 By Ionut Arghire PyPI will require all accounts that maintain a project to enable two-factor authentication (2FA) by the end of 2023. The post PyPI Enforcing 2FA for All Project Maintainers to Boost Security appeared first on SecurityWeek. This article is an
PyPI Enforcing 2FA for All Project Maintainers to Boost Security Read More »
New KEKW Malware Variant Identified in PyPI Package Distribution 07/05/2023 at 18:24 By cybleinc CRIL analyzes a new KEKW Malware variant with stealer & Clipper functionalities being distributed via PyPI Packages. The post New KEKW Malware Variant Identified in PyPI Package Distribution appeared first on Cyble. This article is an excerpt from Cyble View Original
New KEKW Malware Variant Identified in PyPI Package Distribution Read More »