Links related to tag pypi

Phylum Discovers Aggressive Attack on PyPI Attempting to Deliver Rust Executable - phylum

🚨 This appears to be an ongoing attack. As of the morning of 2/24/2023 an additional 600+ packages have been published by this actor for a total of 1,130+ packages.

On the morning of February 23, 2023, Phylum's automated risk detection platform started lighting up with another series of strange publications on PyPI. After digging into it, we were able to link it up to another smaller campaign fro...

Python packages upload your AWS keys, env vars, secrets to the web - sonatype

Last week, Sonatype discovered multiple Python packages that not only exfiltrate your secrets (AWS credentials and environment variables) but also upload them to a publicly exposed endpoint.

These packages were discovered by Sonatype's automated malware detection system, offered as a part of Nexus platform products, including Nexus Firewall. On a further review, we deemed these packages maliciou...

Gitlab-CI/CD and GitLab PyPi Repository - medium

At Maisons du Monde we are using Gitlab as our main and only code management platform. On the Data team we have two main types of repositories: applications (API or data pipeline) and components (generic code that can be reused by multiple applications). Our components are private and we can't upload them to PyPi. Luckily, a few days ago, April 22nd, Gitlab ...