PyTorch Malvertised
PyTorch is one of the most popular and widely-used machine learning toolkits out there. Initially released as an open-source project by Meta, and was handed over to the Linux Foundation…
Malicious library files found in PyPi Repository
Researchers have spotted numerous malicious packages on PyPI, the primary Python package index used by Python developers. The first of them was Ascii2text, a malicious package that mimicked the popular…
PyPi adds 2FA for its Critical repositories
The PyPI is rolling out two-factor authentication for “critical projects” in the form of physical security keys. The repository is distributing 4,000 Titan Security Keys sponsored by Google’s open-source security…
Malicious PyPi Repositories hijacking AWS secrets
Researchers discovered multiple Python packages in the official PyPI repository that have been developed to steal AWS secrets and uploaded them to a publicly exposed endpoint. The malicious packages, which…