Last week's OpenAI payment data and chat history leak involved a Race Condition vulnerability in an open source component, Redis.
Read More...
Attacker Floods PyPI With 1000s of Malicious Packages That Drop Windows Trojan via Dropbox
3 minute read time
A threat actor has infiltrated the PyPI software registry with 1,000s of malicious packages at one time.
Read More...
Malicious ‘aptX’ Python Package Drops Meterpreter Shell, Deletes ‘netstat’
4 minute read time
Sonatype identified malicious Python packages on the PyPI software registry that carried out multiple nefarious activities.
Read More...
This Week in Malware—Ongoing Dependency Confusion
4 minute read time
This week in malware, Sonatype's automated malware detection systems have spotted over four dozen dependency confusion candidates.
Read More...
More Than 200 Cryptomining Packages Flood npm and PyPI Registry
5 minute read time
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
Read More...
PyPI Package 'secretslib' Drops Fileless Linux Malware to Mine Monero
7 minute read time
Sonatype identified a 'secretslib' PyPI package that covertly installs cryptominers on Linux systems.
Read More...
Ransomware in PyPI: Sonatype Spots 'Requests' Typosquats
8 minute read time
Sonatype has spotted multiple typosquats of the popular Python library, 'requests' that contain ransomware scripts.
Read More...
StringJS Typosquat Deploys Discord Infostealer Obfuscated Five Times
4 minute read time
An npm package called 'stringjs_lib' identified by Sonatype this week typosquats the popular npm library 'string' (or StringJS) to ship an obfuscated info-stealer obfuscated not one, five times.
Read More...
This Week in Malware—John Deere Dependency Confusion Attempt and More
3 minute read time
We discovered and analyzed 17 packages, at least a dozen of which were dependency confusion PoCs directly targeting the agricultural equipment giant John Deere (Deere & Company). An additional 42
Read More...