Showing only posts tagged pypi. Show all posts.

PyPI halted new users and projects while it fended off supply-chain attack

Source

Enlarge / Supply-chain attacks, like the latest PyPI discovery, insert malicious code into seemingly functional software packages used by developers. They're becoming increasingly common. (credit: Getty Images) PyPI, a vital repository for open source developers, temporarily halted new project creation and new user registration following an onslaught of package uploads …

Developers can’t seem to stop exposing credentials in publicly accessible code

Source

Enlarge (credit: Victor De Schwanberg/Science Photo Library via Getty Images) Despite more than a decade of reminding, prodding, and downright nagging, a surprising number of developers still can’t bring themselves to keep their code free of credentials that provide the keys to their kingdoms to anyone who …

10 malicious Python packages exposed in latest repository attack

Source

Enlarge / Supply-chain attacks, like the latest PyPi discovery, insert malicious code into seemingly functional software packages used by developers. They're becoming increasingly common. (credit: Getty Images) Researchers have discovered yet another set of malicious packages in PyPi, the official and most popular repository for Python programs and code libraries …

Ahoy, there’s malice in your repos—PyPI is the latest to be abused

Source

Enlarge (credit: Getty Images) Counterfeit packages downloaded roughly 5,000 times from the official Python repository contained secret code that installed cryptomining software on infected machines, a security researcher has found. The malicious packages, which were available on the PyPI repository, in many cases used names that mimicked those …