#pypi search results
We @nextronresearch scan many public repos like npm, pypi, vscode marketplace etc. And we find a lot of shitty malware :) Example: pypi.org/project/multit… SHA256: 79cc98d0831e7b6a191000ec997ebc1853b1f6cc1190dbb855b97d7bf418c287 #PyPi
I was annoyed at having to write README files for my projects. So I went ahead and created a CLI tool to auto-generate README files for any project regardless of programming language! 📜✨ It creates a comprehensive README based on your project. Check it out on #PyPI and #npm
🚨 We discovered two malicious Python packages in #PyPI repository that remained undetected for over a year. These packages mimicked tools for working with popular AI language models (#ChatGPT and #Claude), silently exfiltrating data and compromising developer environments.…
⚠️🧵 RL threat researchers detected an impersonation attempt targeting a popular #PyPI cloudscraper package with more than 50M downloads. It has the suffix "safe" added, but it is all but safe: secure.software/pypi/packages/…
PyPI serves billions of requests daily- but sustaining it isn’t free. The PSF joined the OpenSSF & others in calling for organizations to invest in sustainable open infrastructure. Learn what this means for #PyPI, the PSF, & how our community can pitch in: pyfound.blogspot.com/2025/10/open-i…
🚨Over 22k packages are vulnerable (or over 120k by looser measurement) to a new #SoftwareSupplyChain attack vector: Hijacking abandoned #PyPI packages. Potentially critical for orgs relying on abandoned packages, learn more about our team's discovery: jfrog.co/4gpsbUH
#OceanLotus #APT32 #PyPi uuid32_utils-1.x.x-py3-none-win32.whl cf3f59e2c4c8767697ea46475171697c 91a476fea45abc8b208e0a9e3293f774 a7a0add66b205967562c1fa9643b8421 22538214a3c917ff3b13a9e2035ca521 02f4701559fc40067e69bb426776a54f 5598baa59c716590d8841c6312d8349e Backward.dll…
It's been a busy day for us! ⚠️🧵 RL's automated detection system flagged a new malicious #PyPI package: secure.software/pypi/packages/… While the name would suggest this is a ChatGPT related project, it actually contains a #malware loader.
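🔖 Zenn past article post: Let's make a library of your very own! [How to make your own crappy library in Python] ✅ Explains the steps for publishing to PyPI ✅ Best practices for package structure ✅ Tips for practical library development #Python #ライブラリ開発 #PyPI #OSS zenn.dev/karaage0703/ar…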
🎉 ActiveState is pleased to announce our inclusion as a Trusted Publisher to PyPI, enabling Python authors to securely publish Python packages directly via ActiveState’s Platform. Become a trusted author today: ow.ly/Z34i50RikiO #ActiveState #TrustedPublisher #PyPI
"Fake recruiter coding tests target devs with malicious Python packages" published by ReversingLabs. #Lazarus, #PyPI, #VMConnect, #DPRK, #CTI reversinglabs.com/blog/fake-recr…
"This attack technique involves hijacking PyPI software packages by manipulating the option to re-register them once they're removed from #PyPI's index by the original owner," JFrog security researchers Andrey Polkovnychenko & Brian Moussalli Learn more: jfrog.co/4cSgBOK
Sonatype exposes malicious PyPI package ‘pytoileur’ developer-tech.com/news/2024/may/… #python #security #pypi #malware #hacking #infosec #coding #programming #developers #cybersecurity #tech #news #technology
This is done by Termspark 🔥 Text blink, italic text and more styles support on next release (1.7.0) Wait for it! #python #pypi #opensource
🎙️ The latest episode of ConversingLabs #podcast discusses the Spectra Assure Community Badge: A free initiative that certifies trust for #npm, #PyPI, #RubyGems & #NuGet projects. Watch it here: bit.ly/3Jf14j1
A malicious PyPI typosquat (spellcheckers) infected 950+ users. The package deploys an XOR-encrypted Python RAT via a hidden index file, granting full remote execution (exec()) and is linked to crypto scams. #PyPI #SupplyChain #PythonRAT #Cybersecurity securityonline.info/pypi-typosquat…
PyPI Typosquat Delivers Multi-Layer Python RAT, Bypassing Scanners with XOR Encryption
⚠️ A serious weakness was discovered in #PyPI: legacy #Python scripts still download from an abandoned domain -> risk of Domain Takeover and a #SupplyChain attack. At the same time, a new malicious package named spellcheckers with an active RAT was discovered on PyPI. #CyberSecurity #اخبار_امنیت_سایبری 👇 vulnerbyte.com/legacy-python-…
⚠️ Critical alert for #Python devs! Legacy bootstrap scripts are creating a serious domain-takeover risk in multiple PyPI packages. Time to audit your dependencies! #PythonSecurity #PyPI thehackernews.com/2025/11/legacy…
⚠️ RL researchers have discovered vulnerable code in legacy #Python packages that could make possible an attack on #PyPI via a domain compromise. ⬇️ bit.ly/48jatP4
Is anyone else experiencing the “PyPI is down for maintenance or is having an outage” message at the same time as some critical packages are being quarantined? #pypi #Python
Malicious PyPI package spotted stealing users' crypto info. Check your deps and lockfiles, not just your wallet. #infosec #PyPI threatcluster.io/cluster/hacker…
🚀 Just published PyThra v0.1.3 on PyPI! 🎉 My first ever Python package released to the world. A Flutter-like GUI framework for desktop apps, now installable with pip install pythra. pypi.org/project/pythra/ The journey starts here! 💻✨ #Python #OpenSource #PyPI
From the #pydantic #Python library page on #PyPi: '...but the error wasn't raised concistently.' If you have spelling errors in your code as you do in your documentation, then things may not work correctly. Just saying. <rolls eyes>
Imagine how good it would be if pages on #PyPi stated which versions things were built against, so you would know immediately instead of mangling your installations multiple times over while finding out the hard way... #Python #AI
building, and much more! Try it now with a simple pip install cognautic-cli and leverage AI directly in your terminal. #CognauticCLI #PyPI #OpenSource #AI #DeveloperTools #PythonCLI #CodingAssistant #AIForDevelopers
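Six malicious packages were found on #PyPI. The attackers behind them imitated #W4SP attacks and stole user credentials, crypto wallet data, and more. We explain the trends of this emerging threat in the open-source ecosystem. bit.ly/44CjShk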
💣 Among others, @sekoia_io discovered yesterday 55 #PyPI malicious packages pushed by the same Threat actor. It's not the first time that we are seeing this actor pushing this kind of malicious packages. PyPI contacted and packages removed 👌 Related packages and IoCs below ↘️
⚠️🧵 RL researchers detected a new malicious campaign targeting #PyPI users. Several packages are pretending to be "time" related utilities, but are actually used to steal sensitive data like cloud tokens.
#Python: #PyPI temporarily shuts down new project creation and new user registration to mitigate an ongoing #malware upload campaign:
Looking back at 2023 @mikefiedler discovered some impressive metrics that we want to share! @fastly #PyPI #pytho
🔍Researchers have discovered a concerning surge in deceptive #npm and #PyPI packages distributed as part of a malicious campaign, aimed at extracting #Kubernetes configurations and #SSH keys. Read more👇 socradar.io/new-campaign-d… #cybersecurity #devops #supplychain #datatheft
#PyPI A good blog post with analysis of #malicious #Python packages in PyPI by the @eset research team: #SoftwareSupplyChainSecurity 👇 welivesecurity.com/en/eset-resear…
Is it possible to encounter #malware on #PyPI? Learn how CloudGuard Spectralops.io - A Check Point Solution detected a malicious package on the leading #Python repository: bit.ly/3Zgo5V7
🔍Recently, researchers identified three malicious #Python packages on the #PyPI, tied to #VMConnect campaign, and attributed it to the #LazarusGroup. 🔻Explore our #APT profile to gain insights into #Lazarus and learn about the campaign: 🔗socradar.io/apt-profile-wh…
PyPI suspends new projects and users due to malicious activity developer-tech.com/news/2023/may/… #pypi #python #cybersecurity #infosec #security #hacking #coding #programming #news #tech #technology