A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code. The 12 packages have been discovered in two separate ...
据Checkmarx披露,Python第三方库PyPI存在安全风险。该平台存在名为BlazeStealer的恶意木马,黑客今年1月至10月在PyPI平台上发布了8 ...
近日,研究人员发现Python软件包索引(PyPI)中存在四个不同的流氓软件包,包括投放恶意软件,删除netstat工具以及操纵SSH authorized_keys文件。 存在问题的软件包分别是是aptx、bingchilling2、httops和tkint3rs,这些软件包在被删除之前总共被下载了约450次。其中aptx是 ...
North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and ...
The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the default ...
On Friday, the Python Package Index (PyPI), the official repository of third-party open-source Python projects announced plans to mandate two-factor authentication requirement for maintainers of ...
Spammers have inundated the Python Package Index (PyPI) portal and the GitLab source code hosting website with garbage content, flooding both with ads for shady sites and services. The attacks were ...
In a new twist on software supply chain attacks, researchers have discovered a Python package hiding malware inside of compiled code, allowing it to evade ordinary detection measures. On April 17, ...
JFrog安全研究团队近期发现并报告了一起严重的安全事件,一个具有管理员权限的访问令牌在Docker Hub上托管的某个公共Docker容器中意外泄露,该令牌可访问Python、PyPI及Python软件基金会(PSF)的GitHub仓库。 作为一项针对线上社区的服务,JFrog安全研究团队持续扫描 ...
一些您可能无法访问的结果已被隐去。
显示无法访问的结果