#pypi 검색 결과
🚨 We discovered two malicious Python packages in #PyPI repository that remained undetected for over a year. These packages mimicked tools for working with popular AI language models (#ChatGPT and #Claude), silently exfiltrating data and compromising developer environments.…

I was annoyed of having to write README files for my projects. So I went ahead and created a CLI tool to auto-generate README files for any project regardless of programming language! 📜✨ It creates a comprehensive README based on your project. Check it out on #PyPI and #npm


#OceanLotus #APT32 #PyPi uuid32_utils-1.x.x-py3-none-win32.whl cf3f59e2c4c8767697ea46475171697c 91a476fea45abc8b208e0a9e3293f774 a7a0add66b205967562c1fa9643b8421 22538214a3c917ff3b13a9e2035ca521 02f4701559fc40067e69bb426776a54f 5598baa59c716590d8841c6312d8349e Backward.dll…



How do you optimize package delivery for 950,000+ Python developers? Check out how we're using Individual Provider Anycast to power platforms like @PyPI, where small improvements × billions of requests = massive impact! fastly.com/blog/powering-… #fastforward #pypi

🚨Over 22k packages are vulnerable (or over 120k by looser measurement) to a new #SoftwareSupplyChain attack vector: Hijacking abandoned #PyPI packages. Potentially critical for orgs relying on abandoned packages, learn more about our team's discovery: jfrog.co/4gpsbUH

⚠️🧵 RL threat researchers detected an impersonation attempt targeting a popular #PyPI cloudscraper package with more than 50M downloads. It has the suffix "safe" added, but it is all but safe: secure.software/pypi/packages/…

It's been a busy day for us! ⚠️🧵 RL's automated detection system flagged a new malicious #PyPI package: secure.software/pypi/packages/… While name would suggest this is a ChatGPT related project, it actually contains a #malware loader.

PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain dlvr.it/TMkqLV #PyPI #Phishing #CyberSecurity #EmailScam #Python

This is done by Termspark 🔥 Text blink, italic text and more styles support on next release (1.7.0) Wait for it! #python #pypi #opensource
🎉 ActiveState is pleased to announce our inclusion as a Trusted Publisher to PyPI, enabling Python authors to securely publish Python packages directly via ActiveState’s Platform. Become a trusted author today: ow.ly/Z34i50RikiO #ActiveState #TrustedPublisher #PyPI
"Fake recruiter coding tests target devs with malicious Python packages" published by ReversingLabs. #Lazarus, #PyPI, #VMConnect, #DPRK, #CTI reversinglabs.com/blog/fake-recr…
A new supply chain attack on PyPI is delivering SilentSync, a Python RAT. The malware steals credentials and files from developers' systems. #PyPI #SupplyChainAttack #Python #Malware #Cybersecurity securityonline.info/pypi-under-att…
파이썬 개발자 가짜 PyPI 사이트 피싱 사기 주의 wezard4u.tistory.com/429604 #파이썬 #pypi #피싱
🚨Over 22k packages are vulnerable (or over 120k by looser measurement) to a new #SoftwareSupplyChain attack vector: Hijacking abandoned #PyPI packages. Potentially critical for orgs relying on abandoned packages, learn more about our team's discovery: jfrog.co/4gpsbUH

"揭秘APT-C-26(Lazarus)组织利用PyPI对Windows、Linux和macOS平台的攻击行动" published by Qihoo360. #APT-C-26, #PyPI, #CTI, #OSINT, #LAZARUS mp.weixin.qq.com/s?__biz=MzUyMj…
"This attack technique involves hijacking PyPI software packages by manipulating the option to re-register them once they're removed from #PyPI's index by the original owner," JFrog security researchers Andrey Polkovnychenko & Brian Moussalli Learn more: jfrog.co/4cSgBOK

🪝 The Python Software Foundation (PSF) warns developers of phishing emails leading to a fake #PyPI login site designed to steal account credentials. Read: hackread.com/psf-warn-fake-… #CyberSecurity #Phishing #Python #Developers #InfoSec
#npm, #PyPI, and #RubyGems Packages Found Sending #Developer Data to #Discord Channels ift.tt/STKr63H

🎉 Launched my first package on #PyPI C-based HTTP client for #Python that mimics browser #fingerprint to bypass SSL blocks. ✅ Python 3.8-3.14 ✅ Linux, Windows, macOS ✅ 270 test cases ✅ requests compatible PyPI: pypi.org/project/httpmo… Github: github.com/arman-bd/httpm…

Just a little note for anyone interested... Running ```pip-audit``` revealed a #vulnerability in pip25.2 with no #PyPI database update available yet. The immediate fix is a manual patch update to pip 25.3.dev0 - #Development version. #python #python3 #pip #pip3 #pipx #security
Don't be surprised if you have crashing issues with xformers 0.0.33.dev1085. Stick to the dev1083 release for now, would be my recommendation, unless you know better. #xformers #Python #pypi #PythonLibraries #Attention #GenerativeAI #AIcoding
🚨 A malicious #PyPI package, #soopsocks, has already infected 2,600+ systems. Get the breakdown on how it works, the red flags to watch for, and steps to prevent similar #SoftwareSupplyChain threats, research powered by JFrog. 🔗 Learn more: bit.ly/48dS1cx
🚨 We discovered two malicious Python packages in #PyPI repository that remained undetected for over a year. These packages mimicked tools for working with popular AI language models (#ChatGPT and #Claude), silently exfiltrating data and compromising developer environments.…

#OceanLotus #APT32 #PyPi uuid32_utils-1.x.x-py3-none-win32.whl cf3f59e2c4c8767697ea46475171697c 91a476fea45abc8b208e0a9e3293f774 a7a0add66b205967562c1fa9643b8421 22538214a3c917ff3b13a9e2035ca521 02f4701559fc40067e69bb426776a54f 5598baa59c716590d8841c6312d8349e Backward.dll…



💣 Among others, @sekoia_io discovered yesterday 55 #PyPI malicious packages pushed by the same Threat actor. It's not the first time that we are seeing this actor pushing this kind of malicious packages. PyPI contacted and packages removed 👌 Related packages and IoCs below ↘️

#PyPI 上に悪意のあるパッケージが6つ見つかりました。背後にいる攻撃者は #W4SP の攻撃を模倣し、ユーザークレデンシャル、暗号ウォレット データなどを窃取していました。オープンソース エコシステムに台頭しつつある脅威の動向を解説します。 bit.ly/44CjShk

🚨Over 22k packages are vulnerable (or over 120k by looser measurement) to a new #SoftwareSupplyChain attack vector: Hijacking abandoned #PyPI packages. Potentially critical for orgs relying on abandoned packages, learn more about our team's discovery: jfrog.co/4gpsbUH

I was annoyed of having to write README files for my projects. So I went ahead and created a CLI tool to auto-generate README files for any project regardless of programming language! 📜✨ It creates a comprehensive README based on your project. Check it out on #PyPI and #npm


#GitHub Token Accidental Leak Exposes the #Python Language, #PyPI and the Python Software Foundation (PSF) Repositories to Potential Attacks: 👇 thehackernews.com/2024/07/github…

Looking back at 2023 @mikefiedler discovered some impressive metrics that we want to share! @fastly #PyPI #pytho

⚠️🧵 RL researchers detected a new malicious campaign targeting #PyPI users. Several packages are pretending to be "time" related utilities, but are actually used to steal sensitive data like cloud tokens.


#Python: #PyPI temporarily shuts down new project creation and new user registration to mitigate an ongoing #malware upload campaign:

Is it possible to encounter #malware on #PyPI? Learn how CloudGuard Spectralops.io - A Check Point Solution detected a malicious package on the leading #Python repository: bit.ly/3Zgo5V7

#PyPI A good blog post with analysis of #malicious #Python packages in PyPI by the @eset research team: #SoftwareSupplyChainSecurity 👇 welivesecurity.com/en/eset-resear…

#pyOneNote v0.0.1 is now on #PyPI pip install pyonenote It prints: 1⃣ header fields 2⃣ all metadata (i.e. all PropertySets such as jcidEmbeddedFileNode, jcidImageNode) 3⃣ embedded files and also dumps all embedded files github.com/DissectMalware… related



Let me introduce you to #pyOneNote v0.0.1; a pure python library to parse #one file format: github.com/DissectMalware… Covers 20 out of 38 FileNode types E.g.: .one in 835239c095e966bf6037f5755b0c4ed333a163f5cc19ba0bc50ea3c96e0f1628




🔍Researchers have discovered a concerning surge in deceptive #npm and #PyPI packages distributed as part of a malicious campaign, aimed at extracting #Kubernetes configurations and #SSH keys. Read more👇 socradar.io/new-campaign-d… #cybersecurity #devops #supplychain #datatheft

⚠️🧵 RL threat researchers detected an impersonation attempt targeting a popular #PyPI cloudscraper package with more than 50M downloads. It has the suffix "safe" added, but it is all but safe: secure.software/pypi/packages/…

Something went wrong.
Something went wrong.
United States Trends
- 1. Good Friday 47.6K posts
- 2. #FridayVibes 4,538 posts
- 3. #FanCashDropPromotion N/A
- 4. Dorado 4,314 posts
- 5. Cuomo 105K posts
- 6. Mamdani 254K posts
- 7. Happy Friyay N/A
- 8. Justice 343K posts
- 9. Flacco 99.1K posts
- 10. #FridayMotivation 3,186 posts
- 11. Finally Friday 2,251 posts
- 12. Red Friday 2,262 posts
- 13. Shabbat Shalom 1,766 posts
- 14. #Talus_Labs N/A
- 15. Melly 3,922 posts
- 16. New Yorkers 46K posts
- 17. #WhoDidTheBody 1,859 posts
- 18. Pence 94.9K posts
- 19. Arc Raiders 3,376 posts
- 20. Bolton 250K posts