日本語
English Indonesia Türkçe Deutsch Español Português Pусский Français Italiano Nederlands Polski العربية ไทย Tiếng Việt 繁體中文 简体中文 日本語 한국어

#pypi 検索結果

bzvr_'s profile picture. Senior Security Researcher @ Kaspersky, GReAT | Drovosec CTF team | Tweets are my own
Leonid Bezvershenko
@bzvr_
/11/20

🚨 We discovered two malicious Python packages in #PyPI repository that remained undetected for over a year. These packages mimicked tools for working with popular AI language models (#ChatGPT and #Claude), silently exfiltrating data and compromising developer environments.…

bzvr_'s tweet image. 🚨 We discovered two malicious Python packages in #PyPI repository that remained undetected for over a year. These packages mimicked tools for working with popular AI language models (#ChatGPT and #Claude), silently exfiltrating data and compromising developer environments.…
15
275
968
364
159千
SethKingHi's profile picture. Senior Security Researcher @kaspersky GReAT, tweets and opinions are my own.
SKII
@SethKingHi
/07/24

#OceanLotus #APT32 #PyPi uuid32_utils-1.x.x-py3-none-win32.whl cf3f59e2c4c8767697ea46475171697c 91a476fea45abc8b208e0a9e3293f774 a7a0add66b205967562c1fa9643b8421 22538214a3c917ff3b13a9e2035ca521 02f4701559fc40067e69bb426776a54f 5598baa59c716590d8841c6312d8349e Backward.dll…

SethKingHi's tweet image. #OceanLotus #APT32 #PyPi uuid32_utils-1.x.x-py3-none-win32.whl cf3f59e2c4c8767697ea46475171697c 91a476fea45abc8b208e0a9e3293f774 a7a0add66b205967562c1fa9643b8421 22538214a3c917ff3b13a9e2035ca521 02f4701559fc40067e69bb426776a54f 5598baa59c716590d8841c6312d8349e Backward.dll…
SethKingHi's tweet image. #OceanLotus #APT32 #PyPi uuid32_utils-1.x.x-py3-none-win32.whl cf3f59e2c4c8767697ea46475171697c 91a476fea45abc8b208e0a9e3293f774 a7a0add66b205967562c1fa9643b8421 22538214a3c917ff3b13a9e2035ca521 02f4701559fc40067e69bb426776a54f 5598baa59c716590d8841c6312d8349e Backward.dll…
SethKingHi's tweet image. #OceanLotus #APT32 #PyPi uuid32_utils-1.x.x-py3-none-win32.whl cf3f59e2c4c8767697ea46475171697c 91a476fea45abc8b208e0a9e3293f774 a7a0add66b205967562c1fa9643b8421 22538214a3c917ff3b13a9e2035ca521 02f4701559fc40067e69bb426776a54f 5598baa59c716590d8841c6312d8349e Backward.dll…
2
6
22
2
3千
plastic96_'s profile picture. • Speak English, Chinese & Ancient Greek • Taught Jimi Hendrix how to play guitar • Been on the moon, twice • Responsible
Akshita Dixit
 @plastic96_
2024/08/24

I was annoyed of having to write README files for my projects. So I went ahead and created a CLI tool to auto-generate README files for any project regardless of programming language! 📜✨ It creates a comprehensive README based on your project. Check it out on #PyPI and #npm

plastic96_'s tweet image. I was annoyed of having to write README files for my projects. So I went ahead and created a CLI tool to auto-generate README files for any project regardless of programming language! 📜✨ It creates a comprehensive README based on your project. Check it out on #PyPI and #npm
plastic96_'s tweet image. I was annoyed of having to write README files for my projects. So I went ahead and created a CLI tool to auto-generate README files for any project regardless of programming language! 📜✨ It creates a comprehensive README based on your project. Check it out on #PyPI and #npm
18
11
134
76
12千
xavierfiechter's profile picture. I'm building @labelbase_space, the all-in-one label and coin control management service for Bitcoin, and focusing on other projects related to BIP-329.
Xavier "The Label Guy" Fiechter
@xavierfiechter
/09/26

🎉 Just published bip329 v1.0.0 to PyPI! pip install bip329==1.0.0 #Python #PyPI #OpenSource #bip329

xavierfiechter's tweet image. 🎉 Just published bip329 v1.0.0 to PyPI! pip install bip329==1.0.0 #Python #PyPI #OpenSource #bip329
1
1
3
0
126
fastly's profile picture. Get more powerful websites and applications with Fastly’s edge cloud platform. We help places like Reddit, Epic Games, the NYT, and GitHub do so every day.
Fastly
@fastly
/09/17

How do you optimize package delivery for 950,000+ Python developers? Check out how we're using Individual Provider Anycast to power platforms like @PyPI, where small improvements × billions of requests = massive impact! fastly.com/blog/powering-… #fastforward #pypi

fastly's tweet image. How do you optimize package delivery for 950,000+ Python developers? Check out how we're using Individual Provider Anycast to power platforms like @PyPI, where small improvements × billions of requests = massive impact! fastly.com/blog/powering-… #fastforward #pypi
0
0
1
0
515
JFrogSecurity's profile picture. The JFrog Security Research Team empowers developers and companies to excel by identifying, prioritizing, and mitigating software risks.
JFrog Security
@JFrogSecurity
2024/09/04

🚨Over 22k packages are vulnerable (or over 120k by looser measurement) to a new #SoftwareSupplyChain attack vector: Hijacking abandoned #PyPI packages. Potentially critical for orgs relying on abandoned packages, learn more about our team's discovery: jfrog.co/4gpsbUH

JFrogSecurity's tweet image. 🚨Over 22k packages are vulnerable (or over 120k by looser measurement) to a new #SoftwareSupplyChain attack vector: Hijacking abandoned #PyPI packages. Potentially critical for orgs relying on abandoned packages, learn more about our team's discovery: jfrog.co/4gpsbUH
1
8
12
0
739
ReversingLabs's profile picture. ReversingLabs is the trusted name in file and software security. RL - Trust Delivered.
ReversingLabs
@ReversingLabs
/07/07

⚠️🧵 RL threat researchers detected an impersonation attempt targeting a popular #PyPI cloudscraper package with more than 50M downloads. It has the suffix "safe" added, but it is all but safe: secure.software/pypi/packages/…

ReversingLabs's tweet image. ⚠️🧵 RL threat researchers detected an impersonation attempt targeting a popular #PyPI cloudscraper package with more than 50M downloads. It has the suffix "safe" added, but it is all but safe: secure.software/pypi/packages/…
1
3
7
2
776
blueteamsec1's profile picture. The cybersecurity home for the latest #BlueTeam, #DFIR, and #ThreatHunting news and tools.
Blue Team News
@blueteamsec1
/08/28

PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain dlvr.it/TMkqLV #PyPI #Phishing #CyberSecurity #EmailScam #Python

blueteamsec1's tweet image. PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain dlvr.it/TMkqLV #PyPI #Phishing #CyberSecurity #EmailScam #Python
1
0
1
0
702
faissaloux's profile picture. Software Engineer / Fullstack web developer / opensource — created @termspark, @geranslator ... https://t.co/OWNpWlDucF
faissal wahabali 👌
 @faissaloux
2023/12/03

This is done by Termspark 🔥 Text blink, italic text and more styles support on next release (1.7.0) Wait for it! #python #pypi #opensource

0
1
2
0
42
ReversingLabs's profile picture. ReversingLabs is the trusted name in file and software security. RL - Trust Delivered.
ReversingLabs
@ReversingLabs
/06/24

It's been a busy day for us! ⚠️🧵 RL's automated detection system flagged a new malicious #PyPI package: secure.software/pypi/packages/… While name would suggest this is a ChatGPT related project, it actually contains a #malware loader.

ReversingLabs's tweet image. It's been a busy day for us! ⚠️🧵 RL's automated detection system flagged a new malicious #PyPI package: secure.software/pypi/packages/… While name would suggest this is a ChatGPT related project, it actually contains a #malware loader.
1
3
2
0
405
ActiveState's profile picture. ActiveState enables DevOps, InfoSec, and Development teams to improve their security posture while simultaneously increasing productivity and innovation.
ActiveState
@ActiveState
2024/04/17

🎉 ActiveState is pleased to announce our inclusion as a Trusted Publisher to PyPI, enabling Python authors to securely publish Python packages directly via ActiveState’s Platform. Become a trusted author today: ow.ly/Z34i50RikiO #ActiveState #TrustedPublisher #PyPI

1
4
5
1
1千
evanderburg's profile picture. Cybersecurity, Privacy, and Tech Leader, Author, Consultant, and Speaker, Opinions are my own.
Eric Vanderburg
 @evanderburg
/02/03

#DeepSeek’s popularity exploited to push malicious packages via #PyPI securitytc.com/THlZ6L

evanderburg's tweet image. #DeepSeek’s popularity exploited to push malicious packages via #PyPI securitytc.com/THlZ6L
0
0
1
0
79
the_yellow_fall's profile picture. Welcome to the Daily Cybersecurity site, your trusted source for cybersecurity news and insights since 2017!
Gray Hats
 @the_yellow_fall
/09/22

A new supply chain attack on PyPI is delivering SilentSync, a Python RAT. The malware steals credentials and files from developers' systems. #PyPI #SupplyChainAttack #Python #Malware #Cybersecurity securityonline.info/pypi-under-att…

the_yellow_fall's tweet card. A new supply chain attack on PyPI is delivering SilentSync, a Python RAT. The malware steals credentials and files from developers' systems.
PyPI Under Attack: New Malware 'SilentSync' Is Stealing Credentials
ソース: securityonline.info
0
3
3
1
550
lazarusholic's profile picture. a big fan of lazarus.
lazarusholic
 @lazarusholic
2024/07/08

"揭秘APT-C-26(Lazarus)组织利用PyPI对Windows、Linux和macOS平台的攻击行动" published by Qihoo360. #APT-C-26, #PyPI, #CTI, #OSINT, #LAZARUS mp.weixin.qq.com/s?__biz=MzUyMj…

0
7
19
7
1千
jfrog's profile picture. Driven by a “Liquid Software” vision, the JFrog Software Supply Chain Platform powers organizations to build, manage, and distribute software quickly & securely
JFrog
@jfrog
2024/09/04

🚨Over 22k packages are vulnerable (or over 120k by looser measurement) to a new #SoftwareSupplyChain attack vector: Hijacking abandoned #PyPI packages. Potentially critical for orgs relying on abandoned packages, learn more about our team's discovery: jfrog.co/4gpsbUH

jfrog's tweet image. 🚨Over 22k packages are vulnerable (or over 120k by looser measurement) to a new #SoftwareSupplyChain attack vector: Hijacking abandoned #PyPI packages. Potentially critical for orgs relying on abandoned packages, learn more about our team's discovery: jfrog.co/4gpsbUH
0
3
8
0
373
jfrog's profile picture. Driven by a “Liquid Software” vision, the JFrog Software Supply Chain Platform powers organizations to build, manage, and distribute software quickly & securely
JFrog
@jfrog
2024/09/05

"This attack technique involves hijacking PyPI software packages by manipulating the option to re-register them once they're removed from #PyPI's index by the original owner," JFrog security researchers Andrey Polkovnychenko & Brian Moussalli Learn more: jfrog.co/4cSgBOK

jfrog's tweet image. "This attack technique involves hijacking PyPI software packages by manipulating the option to re-register them once they're removed from #PyPI's index by the original owner," JFrog security researchers Andrey Polkovnychenko & Brian Moussalli Learn more: jfrog.co/4cSgBOK
0
2
5
0
265
HackRead's profile picture. The Twitter account of the most reliable cybersecurity news platform brings exclusive dark web, tech, hacking news, and much more. Contact: admin@hackread.com.
Hackread.com
 @HackRead
/09/24

🪝 The Python Software Foundation (PSF) warns developers of phishing emails leading to a fake #PyPI login site designed to steal account credentials. Read: hackread.com/psf-warn-fake-… #CyberSecurity #Phishing #Python #Developers #InfoSec

HackRead's tweet card. Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread
PSF Warns of Fake PyPI Login Site Stealing User Credentials
ソース: hackread.com
0
1
6
0
797
omvapt's profile picture. We Secure Risk- Information Security by Consciousness.
omvapt
 @omvapt
/10/15

#npm, #PyPI, and #RubyGems Packages Found Sending #Developer Data to #Discord Channels ift.tt/STKr63H

omvapt's tweet image. #npm, #PyPI, and #RubyGems Packages Found Sending #Developer Data to #Discord Channels ift.tt/STKr63H
0
0
0
0
26
armanfixing's profile picture. A professional web scraper and data extraction expert with years of hands-on experience in turning the web’s scattered data into structured, actionable insights
Arman Hossain
 @armanfixing
/10/12

🎉 Launched my first package on #PyPI C-based HTTP client for #Python that mimics browser #fingerprint to bypass SSL blocks. ✅ Python 3.8-3.14 ✅ Linux, Windows, macOS ✅ 270 test cases ✅ requests compatible PyPI: pypi.org/project/httpmo… Github: github.com/arman-bd/httpm…

armanfixing's tweet image. 🎉 Launched my first package on #PyPI C-based HTTP client for #Python that mimics browser #fingerprint to bypass SSL blocks. ✅ Python 3.8-3.14 ✅ Linux, Windows, macOS ✅ 270 test cases ✅ requests compatible PyPI: pypi.org/project/httpmo… Github: github.com/arman-bd/httpm…
1
0
1
0
53
3DCharacterArt's profile picture. An artist and coder trying as I might to bring it all together… #C++ #Python #SwiftUI #VSCode #Blender #Fusion
Unicorn-1
 @3DCharacterArt
/10/10

Just a little note for anyone interested... Running ```pip-audit``` revealed a #vulnerability in pip25.2 with no #PyPI database update available yet. The immediate fix is a manual patch update to pip 25.3.dev0 - #Development version. #python #python3 #pip #pip3 #pipx #security

0
0
1
0
29
ScarabOfficial's profile picture. | Radio | Television | Film | Tech Guru | ~ Sometimes I do stuff with my voice ~ Keeping my promise. Waiting forever. Love of my Life, my M 🇮🇹❤️❤️2009~∞
Scarab
 @ScarabOfficial
/10/08

Don't be surprised if you have crashing issues with xformers 0.0.33.dev1085. Stick to the dev1083 release for now, would be my recommendation, unless you know better. #xformers #Python #pypi #PythonLibraries #Attention #GenerativeAI #AIcoding

0
0
0
0
62
jfrog's profile picture. Driven by a “Liquid Software” vision, the JFrog Software Supply Chain Platform powers organizations to build, manage, and distribute software quickly & securely
JFrog
@jfrog
/10/07

🚨 A malicious #PyPI package, #soopsocks, has already infected 2,600+ systems. Get the breakdown on how it works, the red flags to watch for, and steps to prevent similar #SoftwareSupplyChain threats, research powered by JFrog. 🔗 Learn more: bit.ly/48dS1cx

jfrog's tweet card. More than 2,600 systems have already been breached with the nefarious soopsocks package on the Python Package Index repository, which purports to enable SOCKS5 proxy service creation but actually...
Thousands of systems hit by illicit PyPI package
ソース: scworld.com
0
2
2
0
222
flamepycrack_'s profile picture. Experts in Crypto Investigations & Tech Solutions Tackling digital challenges in 149+ https://t.co/H4rHkPqHm6. Strategic. Global. Flamepycrack ⚡️
FLAMEPYCRACK
 @flamepycrack_
/10/04

The malicious PyPI package SoopSocks masqueraded as a SOCKS5 proxy but secretly installed a Go-based backdoor with SYSTEM privileges, leaking system data to a Discord webhook. #SoopSocks #PyPI #SupplyChain #Backdoor #Cybersecurity securityonline.info/backdoor-disgu…

flamepycrack_'s tweet card. The malicious PyPI package SoopSocks masqueraded as a SOCKS5 proxy but secretly installed a Go-based backdoor with SYSTEM privileges, leaking system data to a Discord webhook.
Backdoor Disguised as SOCKS5 Proxy: Malicious PyPI Package SoopSocks Grants Root Access
ソース: securityonline.info
0
0
3
0
54
LGaneline's profile picture.
Leonid Ganeline
 @LGaneline
/10/03

The #HuggingFace hosted models are added to the 🦉🫥 PDF Anonymizer (see the #PyPi pdf-anonymizer-cli). I'm adding more LLM options. #anonymizer

0
0
0
0
10
SecurEpitome's profile picture. A Security Services Organization
SecurEpitome
 @SecurEpitome
/10/03

🚨 Alert: Malicious PyPI package soopsocks infected 2,653 systems before takedown. Python developers, update & audit dependencies now! ⚠️ #CyberSecurity #PyPI #Malware #SupplyChainAttack

SecurEpitome's tweet image. 🚨 Alert: Malicious PyPI package soopsocks infected 2,653 systems before takedown. Python developers, update & audit dependencies now! ⚠️ #CyberSecurity #PyPI #Malware #SupplyChainAttack
0
0
2
0
20
MeridianEU's profile picture. Beyond Cyber Security | Defensive, Offensive, and Investigative core of Cyber Digital Intelligence.
Meridian Group
 @MeridianEU
/10/02

Malicious #PyPI package #soopsocks (2,653 downloads) posed as a SOCKS5 proxy but deployed a Go executable with PowerShell payloads. It modified firewall rules, established persistence, and exfiltrated data via a Discord webhook.

MeridianEU's tweet image. Malicious #PyPI package #soopsocks (2,653 downloads) posed as a SOCKS5 proxy but deployed a Go executable with PowerShell payloads. It modified firewall rules, established persistence, and exfiltrated data via a Discord webhook.
0
0
0
0
82
daniyal06110491's profile picture. CEO / Managing Director at SeavyCloud Python/Django Engineer with 7+ years of experience in web application development. Contact : +923213701736
Daniyal Akhtar
 @daniyal06110491
/09/30

🚀 Just published my Python package django-template-integrator==1.0.1 on PyPI! One command to auto-integrate HTML templates into Django (templates/ & static/). Save hours of setup! 👉 pip install django-template-integrator==1.0.1 #Django #Python #PyPI

0
0
0
0
2
infosecmedia_'s profile picture. Проект Cyber Media рассказывает о последних новостях и тенденциях в сфере информационной безопасности и технологий.
Cyber Media
 @infosecmedia_
/09/29

Аналитики Python Software Foundation зафиксировали новую волну фишинга, нацеленного на пользователей и мейнтейнеров PyPI - популярного репозитория для Python-пакетов: securitymedia.org/news/fishingov… #Python #Software #PyPI #infosecurity #CyberMedia

infosecmedia_'s tweet image. Аналитики Python Software Foundation зафиксировали новую волну фишинга, нацеленного на пользователей и мейнтейнеров PyPI - популярного репозитория для Python-пакетов: securitymedia.org/news/fishingov… #Python #Software #PyPI #infosecurity #CyberMedia
0
0
0
0
9
xcybersecnews's profile picture. Navigating the digital frontier, securing tomorrow with every click
X CyberSec
@xcybersecnews
/09/29

🚨 PSA for developers! The PSF warns of a convincing fake PyPI login site designed to steal your credentials. Always double-check URLs before logging in! #PyPI #CyberSecurity hackread.com/psf-warn-fake-…

xcybersecnews's tweet card. Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread
PSF Warns of Fake PyPI Login Site Stealing User Credentials
ソース: hackread.com
0
0
0
0
7
xavierfiechter's profile picture. I'm building @labelbase_space, the all-in-one label and coin control management service for Bitcoin, and focusing on other projects related to BIP-329.
Xavier "The Label Guy" Fiechter
@xavierfiechter
/09/26

🎉 Just published bip329 v1.0.0 to PyPI! pip install bip329==1.0.0 #Python #PyPI #OpenSource #bip329

xavierfiechter's tweet image. 🎉 Just published bip329 v1.0.0 to PyPI! pip install bip329==1.0.0 #Python #PyPI #OpenSource #bip329
1
1
3
0
126
bzvr_'s profile picture. Senior Security Researcher @ Kaspersky, GReAT | Drovosec CTF team | Tweets are my own
Leonid Bezvershenko
@bzvr_
/11/20

🚨 We discovered two malicious Python packages in #PyPI repository that remained undetected for over a year. These packages mimicked tools for working with popular AI language models (#ChatGPT and #Claude), silently exfiltrating data and compromising developer environments.…

bzvr_'s tweet image. 🚨 We discovered two malicious Python packages in #PyPI repository that remained undetected for over a year. These packages mimicked tools for working with popular AI language models (#ChatGPT and #Claude), silently exfiltrating data and compromising developer environments.…
15
275
968
364
159千
SethKingHi's profile picture. Senior Security Researcher @kaspersky GReAT, tweets and opinions are my own.
SKII
@SethKingHi
/07/24

#OceanLotus #APT32 #PyPi uuid32_utils-1.x.x-py3-none-win32.whl cf3f59e2c4c8767697ea46475171697c 91a476fea45abc8b208e0a9e3293f774 a7a0add66b205967562c1fa9643b8421 22538214a3c917ff3b13a9e2035ca521 02f4701559fc40067e69bb426776a54f 5598baa59c716590d8841c6312d8349e Backward.dll…

SethKingHi's tweet image. #OceanLotus #APT32 #PyPi uuid32_utils-1.x.x-py3-none-win32.whl cf3f59e2c4c8767697ea46475171697c 91a476fea45abc8b208e0a9e3293f774 a7a0add66b205967562c1fa9643b8421 22538214a3c917ff3b13a9e2035ca521 02f4701559fc40067e69bb426776a54f 5598baa59c716590d8841c6312d8349e Backward.dll…
SethKingHi's tweet image. #OceanLotus #APT32 #PyPi uuid32_utils-1.x.x-py3-none-win32.whl cf3f59e2c4c8767697ea46475171697c 91a476fea45abc8b208e0a9e3293f774 a7a0add66b205967562c1fa9643b8421 22538214a3c917ff3b13a9e2035ca521 02f4701559fc40067e69bb426776a54f 5598baa59c716590d8841c6312d8349e Backward.dll…
SethKingHi's tweet image. #OceanLotus #APT32 #PyPi uuid32_utils-1.x.x-py3-none-win32.whl cf3f59e2c4c8767697ea46475171697c 91a476fea45abc8b208e0a9e3293f774 a7a0add66b205967562c1fa9643b8421 22538214a3c917ff3b13a9e2035ca521 02f4701559fc40067e69bb426776a54f 5598baa59c716590d8841c6312d8349e Backward.dll…
2
6
22
2
3千
xavierfiechter's profile picture. I'm building @labelbase_space, the all-in-one label and coin control management service for Bitcoin, and focusing on other projects related to BIP-329.
Xavier "The Label Guy" Fiechter
@xavierfiechter
/09/26

🎉 Just published bip329 v1.0.0 to PyPI! pip install bip329==1.0.0 #Python #PyPI #OpenSource #bip329

xavierfiechter's tweet image. 🎉 Just published bip329 v1.0.0 to PyPI! pip install bip329==1.0.0 #Python #PyPI #OpenSource #bip329
1
1
3
0
126
unit42_jp's profile picture. パロアルトネットワークス(@PaloAltoNtwksJP) のスレットインテリジェンス & セキュリティコンサルティングチーム Unit 42 から最新のリサーチレポートとニュースをお伝えします。
Unit 42 Japan
 @unit42_jp
2023/07/13

#PyPI 上に悪意のあるパッケージが6つ見つかりました。背後にいる攻撃者は #W4SP の攻撃を模倣し、ユーザークレデンシャル、暗号ウォレット データなどを窃取していました。オープンソース エコシステムに台頭しつつある脅威の動向を解説します。 bit.ly/44CjShk

unit42_jp's tweet image. #PyPI 上に悪意のあるパッケージが6つ見つかりました。背後にいる攻撃者は #W4SP の攻撃を模倣し、ユーザークレデンシャル、暗号ウォレット データなどを窃取していました。オープンソース エコシステムに台頭しつつある脅威の動向を解説します。 bit.ly/44CjShk
0
5
8
1
2千
sekoia_io's profile picture. A #SOCplatform boosted by #AI and #threatintelligence, combining #SIEM, #SOAR, #Automation in a single solution. Used by End-users, MSSP and APIs
Sekoia.io
 @sekoia_io
2023/02/24

💣 Among others, @sekoia_io discovered yesterday 55 #PyPI malicious packages pushed by the same Threat actor. It's not the first time that we are seeing this actor pushing this kind of malicious packages. PyPI contacted and packages removed 👌 Related packages and IoCs below ↘️

sekoia_io's tweet image. 💣 Among others, @sekoia_io discovered yesterday 55 #PyPI malicious packages pushed by the same Threat actor. It's not the first time that we are seeing this actor pushing this kind of malicious packages. PyPI contacted and packages removed 👌 Related packages and IoCs below ↘️
1
30
71
15
15千
plastic96_'s profile picture. • Speak English, Chinese & Ancient Greek • Taught Jimi Hendrix how to play guitar • Been on the moon, twice • Responsible
Akshita Dixit
 @plastic96_
2024/08/24

I was annoyed of having to write README files for my projects. So I went ahead and created a CLI tool to auto-generate README files for any project regardless of programming language! 📜✨ It creates a comprehensive README based on your project. Check it out on #PyPI and #npm

plastic96_'s tweet image. I was annoyed of having to write README files for my projects. So I went ahead and created a CLI tool to auto-generate README files for any project regardless of programming language! 📜✨ It creates a comprehensive README based on your project. Check it out on #PyPI and #npm
plastic96_'s tweet image. I was annoyed of having to write README files for my projects. So I went ahead and created a CLI tool to auto-generate README files for any project regardless of programming language! 📜✨ It creates a comprehensive README based on your project. Check it out on #PyPI and #npm
18
11
134
76
12千
JFrogSecurity's profile picture. The JFrog Security Research Team empowers developers and companies to excel by identifying, prioritizing, and mitigating software risks.
JFrog Security
@JFrogSecurity
2024/09/04

🚨Over 22k packages are vulnerable (or over 120k by looser measurement) to a new #SoftwareSupplyChain attack vector: Hijacking abandoned #PyPI packages. Potentially critical for orgs relying on abandoned packages, learn more about our team's discovery: jfrog.co/4gpsbUH

JFrogSecurity's tweet image. 🚨Over 22k packages are vulnerable (or over 120k by looser measurement) to a new #SoftwareSupplyChain attack vector: Hijacking abandoned #PyPI packages. Potentially critical for orgs relying on abandoned packages, learn more about our team's discovery: jfrog.co/4gpsbUH
1
8
12
0
739
securestep9's profile picture. @OWASPLondon Chapter Leader (#OWASP #OWASPLondon). OWASP Board Member. Application Security (#AppSec) Consultant. OWASP Nettacker Project co-leader. #CISSP
Sam Stepanyan
 @securestep9
2024/07/15

#GitHub Token Accidental Leak Exposes the #Python Language, #PyPI and the Python Software Foundation (PSF) Repositories to Potential Attacks: 👇 thehackernews.com/2024/07/github…

securestep9's tweet image. #GitHub Token Accidental Leak Exposes the #Python Language, #PyPI and the Python Software Foundation (PSF) Repositories to Potential Attacks: 👇 thehackernews.com/2024/07/github…
0
1
2
0
221
pypi's profile picture. The Python Package Index (PyPI) is the repository of software for the Python programming language. Pronounced 🥧 🫛 👁️
Python Package Index
 @pypi
2024/02/14

Looking back at 2023 @mikefiedler discovered some impressive metrics that we want to share! @fastly #PyPI #pytho

pypi's tweet image. Looking back at 2023 @mikefiedler discovered some impressive metrics that we want to share! @fastly #PyPI #pytho
2
11
29
3
20千
ReversingLabs's profile picture. ReversingLabs is the trusted name in file and software security. RL - Trust Delivered.
ReversingLabs
@ReversingLabs
/03/13

⚠️🧵 RL researchers detected a new malicious campaign targeting #PyPI users. Several packages are pretending to be "time" related utilities, but are actually used to steal sensitive data like cloud tokens.

ReversingLabs's tweet image. ⚠️🧵 RL researchers detected a new malicious campaign targeting #PyPI users. Several packages are pretending to be "time" related utilities, but are actually used to steal sensitive data like cloud tokens.
1
18
44
13
8千
ggdaniel's profile picture. La ciberseguridad es una cosa jodida. Soy un freelance ayudando a empresas a que no se lleven sustos desagradables
cr0hn
 @ggdaniel
2023/05/21

Pypi is having severe problems with malware and malicious projects 😞🤬 be careful #python #pypi

ggdaniel's tweet image. Pypi is having severe problems with malware and malicious projects 😞🤬 be careful #python #pypi
0
2
1
0
470
securestep9's profile picture. @OWASPLondon Chapter Leader (#OWASP #OWASPLondon). OWASP Board Member. Application Security (#AppSec) Consultant. OWASP Nettacker Project co-leader. #CISSP
Sam Stepanyan
 @securestep9
2024/03/28

#Python: #PyPI temporarily shuts down new project creation and new user registration to mitigate an ongoing #malware upload campaign:

securestep9's tweet image. #Python: #PyPI temporarily shuts down new project creation and new user registration to mitigate an ongoing #malware upload campaign:
0
8
6
0
827
securestep9's profile picture. @OWASPLondon Chapter Leader (#OWASP #OWASPLondon). OWASP Board Member. Application Security (#AppSec) Consultant. OWASP Nettacker Project co-leader. #CISSP
Sam Stepanyan
 @securestep9
2023/12/13

#PyPI A good blog post with analysis of #malicious #Python packages in PyPI by the @eset research team: #SoftwareSupplyChainSecurity 👇 welivesecurity.com/en/eset-resear…

securestep9's tweet image. #PyPI A good blog post with analysis of #malicious #Python packages in PyPI by the @eset research team: #SoftwareSupplyChainSecurity 👇 welivesecurity.com/en/eset-resear…
0
3
7
0
334
DissectMalware's profile picture. Senior Security Engineer @Amazon. Ex Assistant Professor. Opinions are mine; not my employer's. DM is open. Author of xlmdeobfuscator and https://t.co/eh1fMHMADE
Malwrologist
@DissectMalware
2023/02/13

#pyOneNote v0.0.1 is now on #PyPI pip install pyonenote It prints: 1⃣ header fields 2⃣ all metadata (i.e. all PropertySets such as jcidEmbeddedFileNode, jcidImageNode) 3⃣ embedded files and also dumps all embedded files github.com/DissectMalware… related

DissectMalware's tweet image. #pyOneNote v0.0.1 is now on #PyPI pip install pyonenote It prints: 1⃣ header fields 2⃣ all metadata (i.e. all PropertySets such as jcidEmbeddedFileNode, jcidImageNode) 3⃣ embedded files and also dumps all embedded files github.com/DissectMalware… related
DissectMalware's tweet image. #pyOneNote v0.0.1 is now on #PyPI pip install pyonenote It prints: 1⃣ header fields 2⃣ all metadata (i.e. all PropertySets such as jcidEmbeddedFileNode, jcidImageNode) 3⃣ embedded files and also dumps all embedded files github.com/DissectMalware… related
DissectMalware's tweet image. #pyOneNote v0.0.1 is now on #PyPI pip install pyonenote It prints: 1⃣ header fields 2⃣ all metadata (i.e. all PropertySets such as jcidEmbeddedFileNode, jcidImageNode) 3⃣ embedded files and also dumps all embedded files github.com/DissectMalware… related
DissectMalware's profile picture. Senior Security Engineer @Amazon. Ex Assistant Professor. Opinions are mine; not my employer's. DM is open. Author of xlmdeobfuscator and https://t.co/eh1fMHMADE
Malwrologist
@DissectMalware
2023/02/06

Let me introduce you to #pyOneNote v0.0.1; a pure python library to parse #one file format: github.com/DissectMalware… Covers 20 out of 38 FileNode types E.g.: .one in 835239c095e966bf6037f5755b0c4ed333a163f5cc19ba0bc50ea3c96e0f1628

DissectMalware's tweet image. Let me introduce you to #pyOneNote v0.0.1; a pure python library to parse #one file format: github.com/DissectMalware… Covers 20 out of 38 FileNode types E.g.: .one in 835239c095e966bf6037f5755b0c4ed333a163f5cc19ba0bc50ea3c96e0f1628
DissectMalware's tweet image. Let me introduce you to #pyOneNote v0.0.1; a pure python library to parse #one file format: github.com/DissectMalware… Covers 20 out of 38 FileNode types E.g.: .one in 835239c095e966bf6037f5755b0c4ed333a163f5cc19ba0bc50ea3c96e0f1628
DissectMalware's tweet image. Let me introduce you to #pyOneNote v0.0.1; a pure python library to parse #one file format: github.com/DissectMalware… Covers 20 out of 38 FileNode types E.g.: .one in 835239c095e966bf6037f5755b0c4ed333a163f5cc19ba0bc50ea3c96e0f1628
DissectMalware's tweet image. Let me introduce you to #pyOneNote v0.0.1; a pure python library to parse #one file format: github.com/DissectMalware… Covers 20 out of 38 FileNode types E.g.: .one in 835239c095e966bf6037f5755b0c4ed333a163f5cc19ba0bc50ea3c96e0f1628
7
77
160
42
81千
7
37
116
24
43千
CheckPointSW's profile picture. You deserve the best security. Get the protection you need against AI-driven cyber attacks.
Check Point Software
@CheckPointSW
2023/03/20

Is it possible to encounter #malware on #PyPI? Learn how CloudGuard Spectralops.io - A Check Point Solution detected a malicious package on the leading #Python repository: bit.ly/3Zgo5V7

CheckPointSW's tweet image. Is it possible to encounter #malware on #PyPI? Learn how CloudGuard Spectralops.io - A Check Point Solution detected a malicious package on the leading #Python repository: bit.ly/3Zgo5V7
0
13
2
0
970
socradar's profile picture. Your Eyes Beyond 👁 | Transform Your Risk Perspective
SOCRadar®
@socradar
2023/09/28

🔍Researchers have discovered a concerning surge in deceptive #npm and #PyPI packages distributed as part of a malicious campaign, aimed at extracting #Kubernetes configurations and #SSH keys. Read more👇 socradar.io/new-campaign-d… #cybersecurity #devops #supplychain #datatheft

socradar's tweet image. 🔍Researchers have discovered a concerning surge in deceptive #npm and #PyPI packages distributed as part of a malicious campaign, aimed at extracting #Kubernetes configurations and #SSH keys. Read more👇 socradar.io/new-campaign-d… #cybersecurity #devops #supplychain #datatheft
0
1
3
0
692
fastly's profile picture. Get more powerful websites and applications with Fastly’s edge cloud platform. We help places like Reddit, Epic Games, the NYT, and GitHub do so every day.
Fastly
@fastly
/09/17

How do you optimize package delivery for 950,000+ Python developers? Check out how we're using Individual Provider Anycast to power platforms like @PyPI, where small improvements × billions of requests = massive impact! fastly.com/blog/powering-… #fastforward #pypi

fastly's tweet image. How do you optimize package delivery for 950,000+ Python developers? Check out how we're using Individual Provider Anycast to power platforms like @PyPI, where small improvements × billions of requests = massive impact! fastly.com/blog/powering-… #fastforward #pypi
0
0
1
0
515

Something went wrong.


Something went wrong.


United States Trends