Security News

PyPI Python Library "aiocpa" Found Exfiltrating Crypto Keys via Telegram Bot
2024-11-25 13:54

The administrators of the Python Package Index (PyPI) repository have quarantined the package "aiocpa" following a new update that included malicious code to exfiltrate private keys via Telegram....

PyPI Attack: ChatGPT, Claude Impersonators Deliver JarkaStealer via Python Libraries
2024-11-22 06:15

Cybersecurity researchers have discovered two malicious packages uploaded to the Python Package Index (PyPI) repository that impersonated popular artificial intelligence (AI) models like OpenAI...

Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code
2024-10-30 11:00

Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain...

Open source LLM tool primed to sniff out Python zero-days
2024-10-20 09:00

The static analyzer uses Claude AI to identify vulns and suggest exploit code Researchers with Seattle-based Protect AI plan to release a free, open source tool that can find zero-day...

Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems
2024-10-14 11:08

Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply...

New PondRAT Malware Hidden in Python Packages Targets Software Developers
2024-09-23 06:39

Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called PondRAT as part of an ongoing campaign. PondRAT, according to new...

Python Developers Targeted with Malware During Fake Job Interviews
2024-09-17 11:02

Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware. From a news article These particular attacks from...

Fake password manager coding test used to hack Python developers
2024-09-11 21:09

Members of the North Korean hacker group Lazarus posing as recruiters are baiting Python developers with coding test project for password management products that include malware. [...]

Leaked GitHub Python Token
2024-08-02 11:01

Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container hosted on Docker Hub, which granted elevated access to the GitHub repositories of the Python language, Python Package Index, and the Python Software Foundation. The implications of someone finding this leaked token could be extremely severe.

Hackers Distributing Malicious Python Packages via Popular Developer Q&A Platform
2024-08-01 13:32

In yet another sign that threat actors are always looking out for new ways to trick users into downloading malware, it has come to light that the question-and-answer platform known as Stack Exchange has been abused to direct unsuspecting developers to bogus Python packages capable of draining their cryptocurrency wallets. The packages have been collectively downloaded 2,082 times.