SentinelOne SDK malvertised by PyPI Package

Researchers have discovered a new malicious package named SentinelOne on the PyPI repository impersonating a legitimate software development kit for SentinelOne. The package is part of the malicious campaign called…
Phishing Campaign against PyPI

PyPI has warned of an ongoing phishing campaign that aims to steal developer credentials and inject malicious updates to the packages in the repository. The phishing messages are designed to…
Poisoned Python library removed

Researchers have discovered the series of events that led to the "ctx Python" library being seeded with code that sought to steal the AWS secret keys of anyone who included…
Malicious PyPI Packages Plant Shell

Researchers uncovered 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index (PyPI) repository, and could be exploited to steal Discord access…
PyPI has a Critical Vulnerability

The operators of the official Python Package Index (PyPI) repository have eliminated 8 libraries that contain malicious code. The developers of PyPI have recently fixed the 3 most severe vulnerabilities,…