This was not a case of stolen credentials, but rather of vulnerability exploitation.

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...

The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI — Python Package Index — the official third-party software repository for the Python ...

The scanners tasked with weeding out malicious contributions to packages distributed via the popular open source code repository Python Package Index (PyPI) create a significant number of false alerts ...

Cybersecurity experts at ReversingLabs have unveiled a concerning continuation of the infamous VMConnect campaign. This ongoing assault, initially discovered in early August, has revealed an insidious ...

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

Security researchers from Check Point have spotted 10 malicious packages on Python Package Index (PyPI), the primary Python package index used by Python developers. The first of them was Ascii2text, a ...

Researchers have come across a rather odd Python code package online that aims to steal Google Cloud Platform credentials from a very limited set of macOS victims. The package, "lr-utils-lib," was ...