Security researchers have discovered a simple and troubling way for attackers to distribute malicious payloads via the PyPI package repository. All that the technique involves is re-registering a ...
The tendency of code-generating large language models (LLMs) to produce completely fictitious package names in response to certain prompts is significantly more widespread than commonly recognized, a ...
A portmanteau of "slop" and "cybersquatting," slopsquatting is the hot new thing in enshittification. Chatbots often hallucinate names, titles, software packages and of course domains to fill up the ...
AI-generated computer code is rife with references to nonexistent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages ...
Threat actors are utilizing an attack called "Revival Hijack," where they register new PyPI projects using the names of previously deleted packages to conduct supply chain attacks. The technique ...
Large Language Models (LLMs) have a serious “package hallucination” problem that could lead to a wave of maliciously-coded packages in the supply chain, researchers have discovered in one of the ...
A malicious package that mimics the VMware vSphere connector module ‘vConnector’ was uploaded on the Python Package Index (PyPI) under the name ‘VMConnect,’ targeting IT professionals. VMware vSphere ...
Aqua Security says PowerShell issue can allow attacks involving registration of malicious packages with names similar to existing popular package names when developers make mistakes. Researchers are ...
The PyPI package flood is just the latest in a string of attacks on public repositories with the intent to plant malicious code. Over the weekend an attacker has been uploading thousands of malicious ...