Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
4 résultats taggé sonatype  ✕
Russia-linked 'Lumma' crypto stealer now targets Python devs https://www.sonatype.com/blog/crytic-compilers-typosquats-known-crypto-library-drops-windows-trojan
09/06/2024 16:32:39
QRCode
archive.org
thumbnail

Sonatype's automated malware detection systems identified a malicious PyPI package called crytic-compilers, connected to Russia-linked Lumma Windows stealer, and named very closely after a well-known legitimate Python library that is used by cryptocurrency developers.

sonatype EN 2024 PyPI Lumma Python cryptocurrency developers
PyPI Attackers Still At It: Malicious Packages Drop Trojans and Info-stealers https://blog.sonatype.com/pypi-attackers-still-at-it-malicious-packages-drop-trojans-and-info-stealers
23/06/2023 09:51:46
QRCode
archive.org
thumbnail

Sonatype's malicious open source and malware detection systems found hundreds of malicious PyPI packages.

sonatype EN 2023 PyPI malware Supply-Chain-Attack
Python packages upload your AWS keys, env vars, secrets to the web https://blog.sonatype.com/python-packages-upload-your-aws-keys-env-vars-secrets-to-web
27/06/2022 09:21:55
QRCode
archive.org
thumbnail

Multiple Python packages caught by Sonatype were seen uploading secrets such as AWS keys and environment variables to a web endpoint.

sonatype EN 20022 supplychain Python stealer AWS keys packages loglib-modules pyg-modules pygrata pygrata-utils hkg-sol-utils
PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables https://blog.sonatype.com/pypi-package-ctx-compromised-are-you-at-risk
25/05/2022 06:59:04
QRCode
archive.org
thumbnail

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

PyPI ctx PHP supplychain attack sonatype EN 2022 exfiltration steal Supply-chain-security
4507 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio