Please turn on your JavaScript for this page to function normally.
open source security
Securing software repositories leads to better OSS security

Malicious software packages are found on public software repositories such as GitHub, PyPI and the npm registry seemingly every day. Attackers use a number of tricks to fool …

Phishing PyPI users: Attackers compromise legitimate projects to push malware

PyPI, the official third-party software repository for Python packages, is warning about a phishing campaign targeting its users. “We have additionally determined that …

package
Malicious PyPI packages drop ransomware, fileless malware

In this Help Net Security video, Ax Sharma, Senior Security Researcher at Sonatype, discusses newly found PyPI packages that pack ransomware, and another package that appears …

package
Hijacking of popular ctx and phpass packages reveals open source security gaps

The Python module “ctx” and a fork of the PHP library “phpass” have recently been modified by an unknown attacker to grab AWS credentials/keys and send …

python pi
Malicious Python packages employ advanced detection evasion techniques

JFrog researchers have discovered 11 malicious Python packages on PyPI, the official third-party package repository for Python, which have been collectively downloaded over …

Python
Malicious Python packages found on PyPI

Researchers have uncovered another batch of malicious Python libraries hosted on Python Package Index (PyPI). The malicious packages PyPI is the official third-party software …

Don't miss

Cybersecurity news