News
A dangerous package has been found on the PyPI repository. Named zlibxjson version 8.2, the malicious package was flagged by Fortinet’s AI-driven OSS malware detection system on July 3, 2024, shortly ...
The malicious SentinelOne package was uploaded to PyPI for the first time on December 11, 2022, and has been updated twenty times since then. SentinelOne package on PyPI (ReversingLabs) ...
PyPI is arguably the world’s most popular Python package repository, hosting more than 200,000 packages that developers can use to speed up their development process.
Security researchers discovered over 400 malicious packages in the popular open source registry npm in December, and dozens more in PyPI. Sonatype explained in a blog post that its AI tooling spotted ...
Seven malicious PyPI packages were found using Gmail's SMTP servers and WebSockets for data exfiltration and remote command execution. The packages were discovered by Socket's threat research team ...
Open source packages downloaded an estimated 30,000 times from the PyPI open source repository contained malicious code that surreptitiously stole credit card data and login credentials and ...