Python packages upload your AWS keys, env vars, secrets to the web - sonatype

Last week, Sonatype discovered multiple Python packages that not only exfiltrate your secrets (AWS credentials and environment variables) but also upload them to a publicly exposed endpoint.

These packages were discovered by Sonatype's automated malware detection system, offered as part of the Nexus platform products, including Nexus Firewall. On further review, we deemed these packages maliciou...