Phishing Campaign against PyPI
PyPI, has warned of an ongoing phishing campaign that aims to steal developer credentials and inject malicious updates to the packages in the repository. The phishing messages are designed to…
GitLab fixes Critical RCE
GitLab has fixed a RCE vulnerability tracked as CVE-2022-2884 affecting the Community and the Enterprise Edition of its DevOps platform, and has urged admins to upgrade their GitLab instances immediately…
Malicious library files found in PyPi Repository
Researchers have spotted numerous malicious packages on PyPI, the primary Python package index used by Python developers. The first of them was Ascii2text, a malicious package that mimicked the popular…
RubyGems to enable MFA for its repositories
RubyGems enabled multi-factor authentication (MFA) for some of its largest publishers. The package manager has started alerting the maintainers of gems with more than 165 million downloads via the RubyGems…
Cobalt Strike Dropped by Malicious Code Repositories
Open source code repositories are critical part of the software supply chain that use to build applications which is an attractive target for adversaries seeking to distribute malware. The latest…