packages

February 8, 2023

NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices

Encryption / IoT Security The U.S. National Institute of Standards and Technology (NIST) has announced that a family of authenticated…
Read More »
February 3, 2023

New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products

Network Security / Vulnerability F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS)…
Read More »
January 17, 2023

Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems

Jan 17, 2023Ravie LakshmananSoftware Security / Supply Chain A threat actor by the name Lolip0p has uploaded three rogue packages…
Read More »
January 9, 2023

Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls

Jan 09, 2023Ravie LakshmananNetwork Security / Supply Chain In yet another campaign targeting the Python Package Index (PyPI) repository, six…
Read More »
January 2, 2023

PyTorch Machine Learning Framework Compromised with Malicious Dependency

Jan 02, 2023Ravie LakshmananSupply Chain / Machine Learning The maintainers of the PyTorch package have warned users who have installed…
Read More »
December 24, 2022

W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names

Dec 24, 2022Ravie LakshmananSoftware Security / Supply Chain Threat actors have published yet another round of malicious packages to Python…
Read More »
December 19, 2022

Researchers Discover Malicious PyPI Package Posing as SentinelOne SDK to Steal Data

Dec 19, 2022Ravie LakshmananSoftware Security / Supply Chain Cybersecurity researchers have discovered a new malicious package on the Python Package…
Read More »
December 15, 2022

Hackers Bombard Open Source Repositories with Over 144,000 Malicious Packages

Dec 15, 2022Ravie Lakshmanan NuGet, PyPi, and npm ecosystems are the target of a new campaign that has resulted in…
Read More »
December 13, 2022

Google Launches Largest Distributed Database of Open Source Vulnerabilities

Dec 13, 2022Ravie LakshmananOpen Source / Vulnerability Database Google on Tuesday announced the open source availability of OSV-Scanner, a scanner…
Read More »
December 13, 2022

Malware Strains Targeting Python and JavaScript Developers Through Official Repositories

Dec 13, 2022Ravie Lakshmanan An active malware campaign is targeting the Python Package Index (PyPI) and npm repositories for Python…
Read More »

Previous page Next page