近日，研究人员发现Python软件包索引（PyPI）中存在四个不同的流氓软件包，包括投放恶意软件，删除netstat工具以及操纵SSH authorized_keys文件。 存在问题的软件包分别是是aptx、bingchilling2、httops和tkint3rs，这些软件包在被删除之前总共被下载了约450次。其中aptx是 ...

Two malicious versions of two Python packages were introduced in the Python Package Index (PyPI) with the purpose of stealing SSH and GPG keys from Python developers' projects. One of them, using ...

据Checkmarx披露，Python第三方库PyPI存在安全风险。该平台存在名为BlazeStealer的恶意木马，黑客今年1月至10月在PyPI平台上发布了8 ...

The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the default ...

The scanners tasked with weeding out malicious contributions to packages distributed via the popular open source code repository Python Package Index (PyPI) create a significant number of false alerts ...

PyPI is the official Python Package Index that currently contains 500,972 projects, 5,228,535 million releases, 9,950,103 million files, and 770,841 users. PyPI helps users locate and install software ...

The official software repository for the Python language, Python Package Index (PyPI), has been targeted in a complex supply chain attack that appears to have successfully poisoned at least two ...

In a new twist on software supply chain attacks, researchers have discovered a Python package hiding malware inside of compiled code, allowing it to evade ordinary detection measures. On April 17, ...

Researchers have uncovered yet another supply chain attack targeting an open source code repository, showing that the technique, which has gained wide use in the past few years, isn’t going away any ...

A security firm found three malicious Python libraries uploaded on the official Python Package Index (PyPI) that contained a hidden backdoor which would activate when the libraries were installed on ...