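An attacker pushed a malicious version of the popular elementary-data package on the Python Package Index (PyPI) to steal sensitive ...
Subsequently, LiteLLM's CI/CD came into contact with the poisoned Trivy during the build process, which allowed the attacker to steal the maintainer's PyPI credentials. Using those credentials, the attacker then published the malicious versions LiteLLM 1.82.7 and LiteLLM 1.82.8.
1 day ago on MSN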
Top open source PyPI package with over 1 million downloads each month hacked to send out ...
This was not a case of stolen credentials, but rather of vulnerability exploitation.
Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...
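According to Checkmarx, PyPI, the Python third-party library repository, carries a security risk. A malicious trojan named BlazeStealer is present on the platform; from January to October of this year, hackers published 8 ... on PyPI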
The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI — Python Package Index — the official third-party software repository for the Python ...
A widely used open-source PyPI package, elementary-data, was compromised in a targeted attack that inserted infostealer malware via a GitHub Actions vulnerability. The malicious update, version 0.23.3 ...
The scanners tasked with weeding out malicious contributions to packages distributed via the popular open source code repository Python Package Index (PyPI) create a significant number of false alerts ...
A security firm found three malicious Python libraries uploaded on the official Python Package Index (PyPI) that contained a hidden backdoor which would activate when the libraries were installed on ...
The PyPI package flood is just the latest in a string of attacks on public repositories with the intent to plant malicious code. Over the weekend an attacker has been uploading thousands of malicious ...