Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers

September 4, 2024 at 09:18AM

A new supply chain attack technique, Revival Hijack, targets the Python Package Index (PyPI), allowing for hijacking of over 22,000 existing PyPI packages. Attackers can publish malicious packages under the same name and a higher version, posing a significant risk to developers. The attack has already been exploited, emphasizing the …

Millions of Docker repos found pushing malware, phishing sites

April 30, 2024 at 01:32PM

Since early 2021, three large-scale campaigns targeted Docker Hub users by planting millions of repositories containing malware and phishing sites. JFrog researchers discovered that 20% of Docker Hub’s 15 million repositories had malicious content. They identified nearly 4.6 million repositories with no Docker images, linked to three major malicious campaigns. …