packages
Researchers Uncover 29 Malicious PyPI Packages Targeted Developers with W4SP Stealer
Cybersecurity researchers have uncovered 29 packages in Python Package Index (PyPI), the official third-party software repository for the Python programming…
GitHub Repojacking Bug Could’ve Allowed Attackers to Takeover Other Users’ Repositories
Cloud-based repository hosting service GitHub has addressed a high-severity security flaw that could have been exploited to create malicious repositories…
Google Launches GUAC Open Source Project to Secure Software Supply Chain
Google on Thursday announced that it’s seeking contributors to a new open source initiative called Graph for Understanding Artifact Composition,…
Chinese Hackers Targeting Online Casinos with GamePlayerFramework Malware
An advanced persistent threat (APT) group of Chinese origin codenamed DiceyF has been linked to a string of attacks aimed…
New Timing Attack Against NPM Registry API Could Expose Private Packages
A novel timing attack discovered against the npm’s registry API can be exploited to potentially disclose private packages used by…
Scribe Platform: End-to-end Software Supply Chain Security
As software supply chain security becomes more and more crucial, security, DevSecOps, and DevOps teams are more challenged than ever…
LofyGang Distributed ~200 Malicious NPM Packages to Steal Credit Card Data
Multiple campaigns that distributed trojanized and typosquatted packages on the NPM open source repository have been identified as the work…
Researchers Report Supply Chain Vulnerability in Packagist PHP Repository
Researchers have disclosed details about a now-patched high-severity security flaw in Packagist, a PHP software package repository, that could have…
Asian Governments and Organizations Targeted in Latest Cyber Espionage Attacks
Government and state-owned organizations in a number of Asian countries have been targeted by a distinct group of espionage hackers…
JuiceLedger Hackers Behind the Recent Phishing Attacks Against PyPI Users
More details have emerged about the operators behind the first-known phishing campaign specifically aimed at the Python Package Index (PyPI),…