The 2024 XZ incident illustrates how open-source software (OSS) has become strategic infrastructure in the global economy, ...

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...

infosec in brief The cybercrime crew linked to the Trivy supply-chain attack has struck again, this time pushing malicious Telnyx package versions to PyPI in an effort to plant credential-stealing ...

Running Python scripts is one of the most common tasks in automation. However, managing dependencies across different systems can be challenging. That’s where Docker comes in. Docker lets you package ...

“Chimera-sandbox-extensions” exploit highlights rising risks of open-source package abuse, prompting calls for stricter dependency controls and DGA malware detection. A malicious Python package posing ...

A malicious package designed to steal private keys for Ethereum wallets has been uncovered within the Python Package Index (PyPI). According to Socket, this package – named ‘set-utils’ – masquerades ...

Cybersecurity researchers have flagged a malicious Python library on the Python Package Index (PyPI) repository that facilitates unauthorized music downloads from music streaming service Deezer. The ...

A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. The ...