Nuacht

Bleeping Computer

Backdoored Python Library Caught Stealing SSH Credentials

Barely a week has passed from the last attempt to hide a backdoor in a code library, and we have a new case today. This time around, the backdoor was found in a Python module, and not an npm ...
Computing

PyPI package 'ctx' and PHP library 'phpass' hijacked to obtain AWS keys

Security researchers this week identified two corrupt Python and PHP packages in what appears to be yet another instance of a software supply chain attack targeting the open-source ecosystem. Python ...
Ars Technica

Go Module Mirror served backdoor to devs for 3+ years

A mirror proxy Google runs on behalf of developers of the Go programming language pushed a backdoored package for more than three years until Monday, after researchers who spotted the malicious code ...