近日，研究人员发现Python软件包索引（PyPI）中存在四个不同的流氓软件包，包括投放恶意软件，删除netstat工具以及操纵SSH authorized_keys文件。 存在问题的软件包分别是是aptx、bingchilling2、httops和tkint3rs，这些软件包在被删除之前总共被下载了约450次。其中aptx是 ...

今天，我在学习及实践使用 Python 虚拟环境时，下载相应库文件，直接使用 pip 下载，结果因下载速度过于实在太慢导致始终 ...

A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code. The 12 packages have been discovered in two separate ...

In a new twist on software supply chain attacks, researchers have discovered a Python package hiding malware inside of compiled code, allowing it to evade ordinary detection measures. On April 17, ...

据Checkmarx披露，Python第三方库PyPI存在安全风险。该平台存在名为BlazeStealer的恶意木马，黑客今年1月至10月在PyPI平台上发布了8 ...

IT之家 9 月 7 日消息，安全公司 JFrog 发布报告，公布一种名为“Revival Hijack”的攻击手法，黑客寻找已下架的合法 PyPI 包，重新注册相同名称并上传带有恶意木马的新包，由于用户通常不会注意到相关变更，因此极容易遭到攻击。 研究人员对下载超过 10 万次或 ...

The PyPI package flood is just the latest in a string of attacks on public repositories with the intent to plant malicious code. Over the weekend an attacker has been uploading thousands of malicious ...

The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the default ...

On Friday, the Python Package Index (PyPI), the official repository of third-party open-source Python projects announced plans to mandate two-factor authentication requirement for maintainers of ...

Spammers have inundated the Python Package Index (PyPI) portal and the GitLab source code hosting website with garbage content, flooding both with ads for shady sites and services. The attacks were ...