A malicious Python Package Index (PyPI) package, dubbed “aiocpa” and engineered to steal cryptocurrency wallet data, has been uncovered by security researchers. The package posed as a legitimate ...
The scanners tasked with weeding out malicious contributions to packages distributed via the popular open source code repository Python Package Index (PyPI) create a significant number of false alerts ...
Thousands of applications that have taken advantage of open source Python Package Index (PyPI) software packages may be at risk of hijacking and subversion by malicious actors, opening up the ...
A dozen malicious PyPi packages have been discovered installing malware that modifies the Discord client to become an information-sealing backdoor and stealing data from web browsers and Roblox. The ...
The PyPI package flood is just the latest in a string of attacks on public repositories with the intent to plant malicious code. Over the weekend an attacker has been uploading thousands of malicious ...
A nightly build version of a machine-learning framework dependency has been compromised. The package ran malicious code on affected systems and stole data from unsuspecting users. Image: ...
When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Developers who published projects on PyPI with their email in package metadata are being targeted ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback