Revival Hijack supply-chain attack threatens 22,000 PyPI packages
September 4, 2024 at 09:49AM Threat actors are exploiting the “Revival Hijack” attack to register new PyPi projects using names of previously deleted packages, potentially leading to malicious package downloads. Recently leveraged in the wild, this technique highlights the need for developers to take action to mitigate this threat, including using package pinning and verifying … Read more