#PyPIPackages

Well-Established Cybercriminal Ecosystem Blooming in Iraq

by

July 15, 2024 at 01:48PM A sophisticated criminal network based in Iraq has been uncovered, revolving around a Telegram bot with over 90,000 messages mainly in Arabic. Checkmarx researchers found the bot to be central to a larger cybercriminal ecosystem offering various illicit services. They also discovered malicious Python packages on PyPI facilitating data theft, … Read more

PyPI Packages Found to Expose Thousands of Secrets

by

November 14, 2023 at 07:09AM Code security firm GitGuardian has discovered thousands of hardcoded credentials in Python code committed to PyPI packages. Over 4,000 unique secrets were found in nearly 3,000 packages, with more than 760 of them being valid. The leaked secrets included keys and credentials for popular services such as AWS, Azure AD, … Read more