News

Ars Technica7y
Devs unknowingly use “malicious” modules snuck into official Python repository
The unidentified people who made available the code packages gave them names that closely resembled those used for packages found in the standard Python library ... secret module, an app's ...
Bleeping Computer7y
Backdoored Python Library Caught Stealing SSH Credentials
the backdoor was found in a Python module, and not an npm (JavaScript) package. The module's name is SSH Decorator (ssh-decorate), developed by Israeli developer Uri Goren, a library for handling ...
Malicious Python packages are stealing vital data, and have been downloaded thousands of times already
Researchers found three malicious PyPI packages, two targeting bitcoin developers, and one WooCommerce stores Two are designed to steal data, and the third to test for valid credit cards All three ...
Bleeping Computer3y
Popular Python and PHP libraries hijacked to steal AWS keys
ctx' is a minimal Python module that lets developers manipulate their dictionary ('dict') objects in a variety of ways. The package ... Python's ctx library and a fork of PHP's phpass have ...
Computing3y
PyPI package 'ctx' and PHP library 'phpass' hijacked to obtain AWS keys
Security researchers this week identified two corrupt Python and PHP packages in what appears ... Despite their popularity, the phpass and ctx library modules do not seem to have been updated ...