Skip Navigation

PyPI attackers still at it: Malicious packages drop trojans and info-stealers

By Ax Sharma on June 22, 2023 vulnerability

3 minute read time

Sonatype's malicious open source and malware detection systems found hundreds of malicious PyPI packages.

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

By Ax Sharma on May 24, 2022 vulnerabilities

5 minute read time

Popular Python package 'ctx' that is downloaded over 22,000 times weekly on PyPI registry has been compromised and now steals environment variables.

New 'pymafka' malicious package drops Cobalt Strike on macOS, Windows, Linux

By Ax Sharma on May 20, 2022 vulnerabilities

5 minute read time

The 'pymafka' PyPI package is filled with trojans targeting Windows, macOS & Linux users and appears to typosquat the popular PyKafka.

Nexus Intelligence Insights CVE-2019-15753: OpenStack (os-vif), Denial of Service & Information Exposure

By Elisa Velarde on September 27, 2019 vulnerabilities

4 minute read time

In this month's Nexus Intelligence Insights, we're covering CVE-2019-15753: a MAC address aging vulnerability that opens up the potential for a DoS and.