July 15, 2024 at 01:06PM Cybersecurity researchers found a leaked GitHub token that could have enabled elevated access to Python repositories. JFrog discovered the token in a public Docker container and immediately revoked it after disclosure. Checkmarx also uncovered malicious packages on PyPI designed to extract sensitive information to a Telegram bot. No evidence shows … Read more
April 11, 2024 at 10:27AM GitGuardian’s 2023 and 2024 reports revealed significant security concerns in public repositories. The 2024 report found 12.8 million new exposed secrets on GitHub and highlighted security risks in PyPI. The report emphasizes the prevalence of open-source packages and stresses the importance of proper secret management to prevent potential exploitation. After … Read more
April 11, 2024 at 07:45AM GitGuardian’s 2024 report reveals over 12.8 million new exposed secrets in GitHub and highlighted potential threats in the PyPI repository. While Python developers widely use open-source packages, the report identifies the risks of exposing sensitive credentials. The article emphasizes the importance of proper secrets management and advises adopting automation tools … Read more
March 29, 2024 at 02:09AM The Python Package Index (PyPI) temporarily halted new user sign-ups due to an influx of malicious projects aimed at developers. Threat actors used typosquatting to upload deceptive versions of popular packages, targeting sensitive data and crypto wallets. Over 500 suspicious packages were uploaded within days, highlighting the increasing risk of … Read more
March 28, 2024 at 02:24PM The Python Package Index (PyPI) had to suspend new project creation and user registration to counter a malware upload campaign. Security researchers discovered malicious Python packages using typo-squatting to push multi-stage attacks to steal sensitive data and crypto wallets. The incident underscores the ongoing cybersecurity threats to software development ecosystems. … Read more
March 28, 2024 at 02:04PM PyPI, the Python Package Index, has suspended user registrations and new project creation due to an ongoing malware campaign. Threat actors are uploading fake packages to compromise developers, with the latest report from Checkmarx revealing 365 malicious entries and an info-stealer payload. This emphasizes the importance of rigorously verifying open-source … Read more
March 18, 2024 at 06:15PM Machine-learning model platforms, such as Hugging Face, are vulnerable to attacks similar to those experienced by npm, PyPI, and other open source repositories. These attacks have been successfully executed by threat actors for years. It seems from the meeting notes that the discussion highlighted the susceptibility of machine-learning model platforms … Read more
March 10, 2024 at 08:02PM Japanese cybersecurity officials issued a warning about North Korea’s Lazarus Group targeting the PyPI software repository with tainted Python packages, infecting Windows machines with the Comebacker Trojan. Gartner’s Dale Gardner describes Comebacker as a general purpose Trojan. The attack is a form of typosquatting and may disproportionately impact developers in … Read more
February 29, 2024 at 03:33AM North Korean hackers, Lazarus, uploaded four malware-containing packages to PyPI repository, collectively downloaded 3,269 times. The packages, now removed, targeted Python developers by capitalizing on typos during installation. The attack mirrors Phylum’s discovery of rogue npm packages targeting developers. Both campaigns conceal malicious code within test scripts. JPCERT/CC urges caution … Read more
February 28, 2024 at 10:08AM JPCERT/CC warns of North Korean hacker group Lazarus uploading four malicious PyPI packages to infect developers with malware. These packages allow access to developer networks, enabling financial fraud and supply chain attacks. The malware, named “Comebacker,” connects to the attacker’s server and executes further Windows malware. Previous attacks by Lazarus … Read more