| by Arround The Web

The Python Software Foundation Shares PyPI Subpoenas Details

The Python Software Foundation (PSF) received three subpoenas issued by the U.S. Department of Justice demanding that it hand over PyPI user data.
The post The Python Software Foundation Shares PyPI Subpoenas Details appeared first on Linux Today.

| by Arround The Web

700+ Malicious Open-Source Packages Found in npm and PyPI

Last month, security researchers at Sonatype caught 691 malicious packages in the npm registry and 49 in the PyPI registry.
The post 700+ Malicious Open-Source Packages Found in npm and PyPI appeared first on Linux Today.

| by Arround The Web

Phishing PyPI Users: Attackers Compromise Legitimate Projects

PyPI, the official third-party software repository for Python packages, is warning about a phishing campaign targeting its users. Learn more here.
The post Phishing PyPI Users: Attackers Compromise Legitimate Projects appeared first on Linux Today.

| by Arround The Web

Malicious PyPI Packages Drop Ransomware, Fileless Malware

Ax Sharma, Senior Security Researcher at Sonatype, discusses newly found PyPI packages that pack ransomware in this article.
The post Malicious PyPI Packages Drop Ransomware, Fileless Malware appeared first on Linux Today.

| by Arround The Web

Malicious packages mitmproxy2 and mitmproxy-iframe removed from PyPI directory

The author of mitmproxy, a tool for analyzing HTTP/HTTPS traffic, drew attention to the appearance of a fork of his project in the Python Package Index (PyPI) directory. The fork was distributed under the similar name mitmproxy2 and the non-existent version 8.0.1 (the current mitmproxy release is 7.0.4) with the expectation that inattentive users […]

The post Malicious packages mitmproxy2 and mitmproxy-iframe removed from PyPI directory appeared first on Linux Today.

| by Arround The Web

Supply Chain Flaws Found in Python Package Repository

Administrators overseeing the Python Package Index (PyPI) in recent days found themselves responding to vulnerabilities found in the repository of open source software, the latest security problems to hit the Python community. Most recently, the PyPI group sent out fixes for three vulnerabilities that were discovered by security researcher RyotaK and published on his blog. Two […]

The post Supply Chain Flaws Found in Python Package Repository appeared first on Linux Today.
