packages
-
W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names
Dec 24, 2022Ravie LakshmananSoftware Security / Supply Chain Threat actors have published yet another round of malicious packages to Python…
Read More » -
Researchers Discover Malicious PyPI Package Posing as SentinelOne SDK to Steal Data
Dec 19, 2022Ravie LakshmananSoftware Security / Supply Chain Cybersecurity researchers have discovered a new malicious package on the Python Package…
Read More » -
Google Launches Largest Distributed Database of Open Source Vulnerabilities
Dec 13, 2022Ravie LakshmananOpen Source / Vulnerability Database Google on Tuesday announced the open source availability of OSV-Scanner, a scanner…
Read More » -
Malware Strains Targeting Python and JavaScript Developers Through Official Repositories
Dec 13, 2022Ravie Lakshmanan An active malware campaign is targeting the Python Package Index (PyPI) and npm repositories for Python…
Read More » -
Darknet’s Largest Mobile Malware Marketplace Threatens Users Worldwide
Dec 06, 2022Ravie LakshmananMobile Malware / Darknet Cybersecurity researchers have shed light on a darknet marketplace called InTheBox that’s designed…
Read More » -
Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems
Dec 05, 2022Ravie LakshmananEndpoint Security / Pen Testing The maintainers of the FreeBSD operating system have released updates to remediate…
Read More » -
Hackers Sign Android Malware Apps with Compromised Platform Certificates
Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been found to be abused to sign…
Read More » -
Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection
New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage…
Read More »