News

WeLiveSecurity1y
A pernicious potpourri of Python packages in PyPI - WeLiveSecurity
Tactic. ID. Name. Description. Initial Access. T1195.001. Supply Chain Compromise: Compromise Software Dependencies and Development Tools. Malware is distributed using Python’s PyPl package ...
Bleeping Computer6y
Python Package Installation Can Trigger Malicious Code - BleepingComputer
Python modules are typically installed using a package manager called 'pip', which launches a 'setup.py' file that is made available by the developer of the package for installation purposes.
Ars Technica7y
Devs unknowingly use “malicious” modules snuck into official Python ...
Devs unknowingly use “malicious” modules snuck into official Python repository Code packages available in PyPI contained modified installation scripts.
Bleeping Computer7y
Backdoored Python Library Caught Stealing SSH Credentials
This time around, the backdoor was found in a Python module, and not an npm (JavaScript) package. The module's name is SSH Decorator (ssh-decorate), developed by Israeli developer Uri Goren, a ...