Dark Reading

Malicious Python Repository Package Drops Cobalt Strike on Windows, macOS & Linux Systems

Public repositories of open source code are a critical part of the software supply chain that many organizations use to build applications. They are therefore an attractive target for adversaries ...
IT News For Australia Business

Fake Python packages proffered to programmers

Python developers have been warned to be on guard against malicious packages in the open source coding language's software repository, and to validate what they download to include in their programs.
ZDNet

Twelve malicious Python libraries found and removed from PyPI

A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code. The 12 packages have been discovered in two separate ...
Computing

Malicious 'typosquat' Python packages with ransomware scripts discovered

Researchers at software supply chain management firm Sonatype have identified many malicious Python packages with ransomware scripts. In a blog post detailing their findings, Sonatype researcher Ax ...
TechRadar

Python developers targeted with fake PyPl packages

Another day, another malicious package being discovered on the Python Package Index (PyPI) repository. Ax Sharma, a cybersecurity researcher from Sonatype, found a typosquatted version of the ...