News
The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website.
The 12 packages have been discovered in two separate scans by a security engineer who goes online by the name of Bertus, and have long been removed from PyPI before this article's publication.
Multiple malicious Python packages available on the PyPI repository were caught stealing sensitive information like AWS credentials and transmitting it to publicly exposed endpoints accessible by ...
Tainting legitimate PyPI packages with malware is also a common occurrence. Many Python developers trust the platform, and use the code found there in various projects.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback