New malicious packages found in Python Package Index repository
A threat actor has uploaded three malicious packages to the PyPI (Python Package Index) repository. The packages reportedly drop info-stealing malware on developers' systems.
The threat is significant, according to BleepingComputer, as PyPI is the most widely used repository for Python package...
Researchers find malicious info-stealing packages in PyPI
Security firm Phylum discovered six malicious packages on the Python Package Index (PyPI). The packages installed info-stealing RAT (remote access trojan) malware using Cloudflare Tunnel to bypass firewalls.
The packages attempted to steal sensitive user information from browsers, run shell comm...
Half of Python Libraries in Package Index have security issues
Researchers in Finland have examined the open-source software libraries in the Python Package Index and found that it is riddled with security issues. The researchers found that PyPI, as it is popularly known, has potentially vulnerable code in nearly half the index.
The research was published i...
Python Package Index purges 3,653 malicious libraries
Just days after a security weakness in the use of private and public registries was highlighted, the Python Package Index, also known as PyPI, has removed 3,653 malicious packages that were uploaded when the security flaw was highlighted.
PyPI is used by Python developers to add software librari...