WeLiveSecurity

A pernicious potpourri of Python packages in PyPI

PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can appear ...
GIGAZINE

Report that millions of ``copies of existing repositories embedded with malicious code'' were uploaded to GitHub

GitHub is one of the world's largest software development platforms, with a wide variety of repositories available, from major to niche. However, a large-scale 'repo confusion' campaign has been ...
Dark Reading

One-Third of Popular PyPI Packages Mistakenly Flagged as Malicious

The scanners tasked with weeding out malicious contributions to packages distributed via the popular open source code repository Python Package Index (PyPI) create a significant number of false alerts ...
PC Gamer

GitHub is under automated attack by millions of cloned repositories filled with malicious code

Thanks to a combination of sophisticated methodology and social engineering, this particular attack seems to be very difficult to stop. When you purchase through links on our site, we may earn an ...
Dark Reading

Malicious Python Repository Package Drops Cobalt Strike on Windows, macOS & Linux Systems

Public repositories of open source code are a critical part of the software supply chain that many organizations use to build applications. They are therefore an attractive target for adversaries ...