[HackerNews] Several Malicious Typosquatted Python Libraries Found On PyPI Repository

As many as eight Python packages that were downloaded more than 30,000 times have been removed from the PyPI portal for containing malicious code, once again highlighting how software package repositories are evolving into a popular target for supply chain attacks.
“Lack of moderation and automated security controls in public software repositories allow even inexperienced attackers to use them

Source: Read More (The Hacker News)

