Connect with us
Researchers took advantage of a weakness in the encryption scheme of Key Group ransomware and developed a decryption tool that lets some victims to recover their...
A malicious package that mimics the VMware vSphere connector module ‘vConnector’ was uploaded on the Python Package Index (PyPI) under the name ‘VMConnect,’ targeting IT professionals....
A security researcher and system administrator has developed a tool that can help users check for manifest mismatches in packages from the NPM JavaScript software registry....
Python developers worldwide share and download code through PyPI (Python Package Index), a popular repository for software packages for the Python programming language. PyPI is widely...
A threat actor has uploaded to the PyPI (Python Package Index) repository three malicious packages that carry code to drop info-stealing malware on developers’ systems. The...
Prototype pollution is a dangerous bug class associated with prototype-based languages, the most popular among them JavaScript. One researcher, however, has found a variant of prototype pollution...
PyTorch has identified a malicious dependency with the same name as the framework’s ‘torchtriton’ library. This has led to a successful compromise via the dependency confusion attack vector. PyTorch admins are...
Threat actors have published a malicious Python package on PyPI, named ‘SentinelOne,’ that pretends to be the legitimate SDK client for the trusted American cybersecurity firm...
An estimated 350,000 open source repositories are affected by a 15-year old path traversal vulnerability in Python’s tarfile module, according to security researchers. Having “stumbled across” the unpatched...
A vulnerability in the Python programming language that has been overlooked for 15 years is now back in the spotlight as it likely affects more than...
Recent Comments