| by Arround The Web

Phishing PyPI Users: Attackers Compromise Legitimate Projects

PyPI, the official third-party software repository for Python packages, is warning about a phishing campaign targeting its users. Learn more here.
The post Phishing PyPI Users: Attackers Compromise Legitimate Projects appeared first on Linux Today.

Share Button
Read More
| by Arround The Web

Malicious PyPI Packages Drop Ransomware, Fileless Malware

Ax Sharma, Senior Security Researcher at Sonatype, discusses newly found PyPI packages that pack ransomware in this article.
The post Malicious PyPI Packages Drop Ransomware, Fileless Malware appeared first on Linux Today.

Share Button
Read More
| by Arround The Web

Malicious packages mitmproxy2 and mitmproxy-iframe removed from PyPI directory

The author of mitmproxy, a tool for analyzing HTTP / HTTPS traffic, drew attention to the appearance of a fork of his project in the Python Package Index (PyPI) directory. The fork was distributed under the similar name mitmproxy2 and the non-existent version 8.0.1 (current release of mitmproxy 7.0.4) with the expectation that inattentive users […]

The post Malicious packages mitmproxy2 and mitmproxy-iframe removed from PyPI directory appeared first on Linux Today.

Share Button
Read More
| by Arround The Web

Supply Chain Flaws Found in Python Package Repository

Administrators overseeing the Python Package Index (PyPI) in recent days found themselves responding to vulnerabilities found in the repository of open source software, the latest security problems to hit the Python community. Most recently, the PyPI group sent out fixes for three vulnerabilities that were discovered by security researcher RyotaK and published on his blog. Two […]

The post Supply Chain Flaws Found in Python Package Repository appeared first on Linux Today.

Share Button
Read More