资讯

Malicious Python packages are stealing vital data, and have been downloaded thousands of ...
Multiple open source software packages on the Python Package Index (PyPI) repository were found to be malicious, likely ...
The Hacker News7 天
Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data
Researchers found Disgrasya downloaded 37,217 times, targeting WooCommerce with carding scripts that steal payment data.
Carding tool abusing WooCommerce API downloaded 34K times on PyPI
A newly discovered malicious PyPi package named 'disgrasya' that abuses legitimate WooCommerce stores for validating stolen ...
The Register on MSN2 天
AI can't stop making up software dependencies and sabotaging everything
Hallucinated package names fuel 'slopsquatting' The rise of AI-powered code generation tools is reshaping how developers ...
Computing3 年
Researchers warn of malicious typosquatting packages making their way into open source ...
The researchers also uncovered the "aiohttp-socks4" PyPI package, which looks to be an effort to revive the trojanised package "aiohttp-socks5". Additionally, they discovered eight PyPI packages ...
Security Boulevard10 天
Malicious python packages target popular Bitcoin library
When it comes to the frequency and sophistication of software supply chain attacks, few industries can compare with the ...
AI-hallucinated code dependencies become new supply chain risk
A new class of supply chain attacks named 'slopsquatting' has emerged from the increased use of generative AI tools for ...
Hackaday6 年
When Good Software Goes Bad: Malware In Open Source
But how did this package get hosted on PyPi, the main source of community contributed goodness for Python? How many of you have downloaded packages from PyPi without looking through all of the source?