Actors behind PyPI supply chain attack have been active since late 2021

1 min.

September 1, 2022

The official software repository for the Python language, Python Package Index (PyPI), has been targeted in a complex supply chain attack that appears to have successfully poisoned at least two legitimate projects with credential-stealing malware, researchers said on Thursday (9/2/2022).

Want to learn more? Here are some additional pieces for you to read.

Shifting Application Security Left and Right — Sandeep Johri, Checkmarx

Securing Java Applications in the Cloud: Best Practices and Tools

How Do Attackers Hijack Old Domains and Subdomains?

Hackers threaten to leak Amazon Ring data after claiming responsibility for ransomware attack

Expert Comment: Github announces 2FA to be introduced

Understanding Technical Debt for Software Teams

Colour-Blind: Similar to W4SP stealer

Checkmarx Adds Sandeep Johri As CEO; Co-founder & CEO Emmanuel Benzaquen Continues To Serve On The Board Of Directors

This is how I convinced the CEO of Salesforce to invest in our startup

JuiceLedger Hacker Linked to First Phishing Campaign Targeting PyPI Users

The security flaw that Python developers should be aware of

RING OF FIRE: Millions of Ring doorbell owners warned of ‘high severity’ bug – check your app now

Amazon’s Ring Patches Flaw That Could’ve Let Hackers Access Camera Footage

Amazon Ring vulnerability could have been used to spy on users

Ring patched an Android bug that could have exposed video footage

Amazon’s Ring quietly fixed security flaw that put users’ camera recordings at risk of exposure

Black Hat 2022 Reveals Enterprise Security Trends

Top cybersecurity products unveiled at Black Hat 2022

Checkmarx API Security identifies shadow and zombie APIs during software development

35K Malicious Code Insertions in GitHub: Attack or Bug-Bounty Effort?

Actors behind PyPI supply chain attack have been active since late 2021

Read More