Security News > 2024 > September > Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack

Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack
2024-09-04 13:00

A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to infiltrate downstream organizations. It has been codenamed Revival Hijack by software supply chain security firm JFrog, which said the attack method could be used to hijack 22,000 existing PyPI packages and result in "hundreds of thousands" of malicious package


News URL

https://thehackernews.com/2024/09/hackers-hijack-22000-removed-pypi.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Pypi 15 0 0 1 15 16