Bleeping Computer

Malicious ‘Lolip0p’ PyPi packages install info-stealing malware

A threat actor has uploaded to the PyPI (Python Package Index) repository three malicious packages that carry code to drop info-stealing malware on developers' systems. The malicious packages, ...
マイナビニュース

PyPIユーザー狙うサイバー攻撃、インストールするだけでマルウェア ...

Phylumはこのほど、「A Deep Dive Into poweRAT: a Newly Discovered Stealer/RAT Combo Polluting PyPI」において、PyPI (Python Package Index)ユーザーに対して行われたマルウェアキャンペーンを発見したと伝えた。開発者のシステムに情報窃取を行うマルウェアを展開する6つの悪意の ...
マイナビニュース

マルウェアを含む悪意あるパッケージの概要

ESETによるとこれら悪意のあるパッケージは合計1万回以上ダウンロードされており、2023年5月以降は平均して約80回/日の ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
ZDNet

Twelve malicious Python libraries found and removed from PyPI

A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code. The 12 packages have been discovered in two separate ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...