InfoWorld

Thousands of open source projects at risk from hack of GitHub Actions tool

App development teams who use a popular utility in the GitHub Actions continuous integration and continuous delivery/deployment (CI/CD) platform need to scrub their code because the tool was ...
WeLiveSecurity

A pernicious potpourri of Python packages in PyPI

PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can appear ...
Computer Weekly

PyPI loophole puts thousands of packages at risk of compromise

Thousands of applications that have taken advantage of open source Python Package Index (PyPI) software packages may be at risk of hijacking and subversion by malicious actors, opening up the ...
Dark Reading

Faux ChatGPT, Claude API Packages Deliver JarkaStealer

Two Python packages claiming to integrate with popular chatbots actually transmit an infostealer to potentially thousands of victims. Publishing open source packages with malware hidden inside is a ...
Bleeping Computer

Hundreds of malicious Python packages found stealing sensitive data

A malicious campaign that researchers observed growing more complex over the past half year, has been planting on open-source platforms hundreds of info-stealing packages that counted about 75,000 ...
Infosecurity-magazine.com

Researchers Uncover 7000 Malicious Open Source Packages

Security vendor Sonatype detected 6933 malicious open source packages in the month of March alone, bringing the total discovered since 2019 to 115,165. Info-stealers comprised a significant number of ...
Bleeping Computer

Hackers bombard PyPi platform with information-stealing malware

The PyPi python package repository is being bombarded by a wave of information-stealing malware hiding inside malicious packages uploaded to the platform to steal software developers' data. The ...