Exclusive: Chainguard extends Repository scanning and policies to Java, Python and containers

Secure software supply chain solution provider Chainguard Inc. today expanded its Chainguard Repository product with malware ...
Cryptopolitan on MSN

Cordyceps flaws let anyone with a free GitHub account hijack CI/CD pipelines at Microsoft, Google, and Apache

Security firm Novee has revealed Cordyceps as a class of exploitable CI/CD vulnerabilities across open-source repositories ...
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
ZDNet

Developers, watch your code: Official Python repository spread malicious projects

PyPI is the official Python Package Index that currently contains 500,972 projects, 5,228,535 million releases, 9,950,103 million files, and 770,841 users. PyPI helps users locate and install software ...

Continuum Analytics Launches Anaconda Server for Enterprise Package Management

Continuum Analytics, the premier provider of Python-based data analytics solutions and services, today announced the release of Anaconda Server, an enterprise tool suite for the deployment and ...
Dark Reading

'Blatantly Obvious': Spyware Offered to Cyberattackers via PyPI Python Repository

Researchers have discovered malware peddlers advertising an info-stealer out in the open on the Python Package Index (PyPI) — the official, public repository for the Python programming language — with ...
TechRadar

Credit card-stealing malware found in official Python repository

Cybersecurity researchers have once again found malicious packages lurking in Python’s official repository, PyPI. According to estimates from the security research team at DevOps specialists JFrog, ...
Ars Technica

10 malicious Python packages exposed in latest repository attack

I would really appreciate if some companies worked together to curate a repository of the most often used packages. We are using open source software in our company, yet instead of paying a security ...