Threat Post

Cryptominers Slither into Python Projects in Supply-Chain Campaign

These code bombs lurk in the PyPI package repository, waiting to be inadvertently baked into software developers’ applications. A group of cryptominers was found to have infiltrated the Python Package ...
Yahoo Finance

Introducing Chainguard Libraries for Python: Malware-Resistant Dependencies Built Entirely from Source

Today, more than half of the world's developers rely on Python, a programming language that has become the foundation of modern AI and machine learning applications. As the popularity of Python has ...
Bleeping Computer

PyPI invalidates tokens stolen in GhostAction supply chain attack

The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the threat actors didn't abuse them to publish ...
IT News For Australia Business

Python supply chain exploited to distribute malware

A Python coding community is undergoing a software supply-chain attack, with threat actors targeting the 170,000-strong Top.gg GitHub organisation with malware. Top.gg began life as Discord Bots, ...
IT News For Australia Business

Python's PyPI registry suffers another supply-chain attack

Unknown attackers have compromised a package in the Python PyPI registry, injecting a malicious binary into it, the maintainers of the open source machine learning framework PyTorch are warning. The ...
Bdaily Business Network

Python Package Index (PyPI) phishing campaign: JuiceLedger threat actor pivots from fake apps to supply chain attacks

SentinelLabs, in collaboration with Checkmarx, has been tracking the activity and evolution of a threat actor dubbed “JuiceLedger”. In early 2022, JuiceLedger began running relatively low-key ...