#PyPIRegistry

Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers

by

September 4, 2024 at 09:18AM A new supply chain attack technique, Revival Hijack, targets the Python Package Index (PyPI), allowing for hijacking of over 22,000 existing PyPI packages. Attackers can publish malicious packages under the same name and a higher version, posing a significant risk to developers. The attack has already been exploited, emphasizing the … Read more

Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others

by

March 25, 2024 at 08:51AM Unidentified adversaries executed a sophisticated supply chain attack targeting individual developers and Top.gg’s GitHub organization account. The attack involved multiple tactics, including account takeover and malicious code insertion. It led to theft of sensitive data and distribution of trojanized software packages. The incident underscores the need for vigilance and thorough … Read more