Browsing Tag
PyPI
19 posts
PSF Warns of Fake PyPI Login Site Stealing User Credentials
The Python Software Foundation (PSF) warns developers of phishing emails leading to a fake PyPI login site designed to steal account credentials.
China-Linked AI Pentest Tool ‘Villager’ Raises Concern After 10K Downloads
China-linked AI tool Villager, published on PyPI, automates cyberattacks and has got experts worried after 10,000 downloads in…
GhostAction Attack Steals 3,325 Secrets from GitHub Projects
GhostAction supply chain attack hit 817 GitHub repositories, stealing 3,325 secrets including npm, PyPI, and DockerHub tokens.
Backdoors in Python and NPM Packages Target Windows and Linux
Checkmarx uncovers cross-ecosystem attack: fake Python and NPM packages plant backdoor on Windows and Linux, enabling data theft plus remote control.
Malware Hidden in AI Models on PyPI Targets Alibaba AI Labs Users
ReversingLabs discovers new malware hidden inside AI/ML models on PyPI, targeting Alibaba AI Labs users. Learn how attackers…
Hackers Hide Malware in Fake DeepSeek PyPI Packages
Malicious DeepSeek packages on PyPI spread malware, stealing sensitive data like API keys. Learn how this attack targeted developers and how to protect yourself.
Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Found Stealing User Data
Fortinet discovers two malicious Python packages, Zebo-0.1.0 and Cometlogger-0.1, designed to steal data, capture keystrokes, and gain system control. Learn about their malicious behavior and how to protect yourself
Ultralytics AI Library with 60M Downloads Compromised for Cryptomining
Another day, another supply chain attack!
Fabrice Malware on PyPI Has Been Stealing AWS Credentials for 3 Years
The malicious Python package “Fabrice” on PyPI mimics the “Fabric” library to steal AWS credentials, affecting thousands. Learn how…
New PyPI Malware Poses as Crypto Wallet Tools to Steal Private Keys
Checkmarx researchers discovered PyPI malware posing as crypto wallet tools. These malicious packages stole private keys and recovery…