Malicious Packages Hidden in PyPI


The FortiGuard Labs team has identified a malicious PyPI package affecting all platforms where PyPI packages can be installed.

This discovery poses a significant risk to individuals and institutions that have installed these packages, potentially leading to the leakage of credentials and sensitive information. Given the high severity of this threat, it is crucial to focus on this specific PyPI package. This report discusses its potential impacts and emphasizes the importance of diligent security practices in managing software dependencies.

Read more…
Source: Fortinet


Sign up for our Newsletter


Related:

  • Nine killed, 2,750 wounded across Lebanon as Hezbollah pagers explode

    September 17, 2024

    At least nine people were killed and about 2,750 were wounded by exploding handheld pagers across Lebanon, the country’s health minister has said. Firass Abiad said that an eight-year-old girl was among those killed and that more than 200 people are in critical condition after the communication devices exploded on Tuesday, with injuries mostly reported to ...

  • Cyber threats continue to plague Philippine financial institutions

    September 17, 2024

    The financial industry remains a prime target for cyberattacks, despite the Bangko Sentral ng Pilipinas’ (BSP) new framework to enhance cyber resilience, a global cybersecurity and digital privacy company has warned. Kaspersky, a cybersecurity firm, reported that the finance sector experiences the highest losses due to online fraud, as scammers increasingly exploit customer data for account ...

  • TikTok just had the most important two hours of its life

    September 16, 2024

    Who really controls TikTok’s magical algorithm — the US-based company that runs the app or its Chinese parent, ByteDance? That’s the question that bedeviled a trio of federal judges on Monday charged with deciding whether to allow the implementation of a law that could ultimately result in TikTok being banned for all Americans. After more than ...

  • Malware exploits braille characters to breach Windows security flaws

    September 16, 2024

    The Windows operating system (OS) had a vulnerability that allowed people to hide a file’s true extension, which hackers were able to use and distribute files that looked like .PDF documents, but were in fact weaponized .HTA files. In the most recent Patch Tuesday cumulative update, Microsoft addressed a flaw described as “Windows MSHTML spoofing vulnerability”, ...

  • Education, Health Sectors Facing Challenges as Nigeria Records 586,130 Cyber Threats in 6 Months

    September 14, 2024

    Between January and June 2024, a staggering 586,130 cyber threats were launched against Nigeria, especially the financial institutions and telecoms companies, with other sectors also facing specific challenges. According to the report, various industries face unique cybersecurity challenges. The education sector grappled with maintaining security amidst digital transformation. The healthcare industry struggled to balance handling sensitive ...

  • I stole 20 GB of data from Capgemini – and now I’m leaking it, says cybercrook

    September 13, 2024

    A miscreant claims to have broken into Capgemini and leaked a large amount of sensitive data stolen from the technology services giant – including source code, credentials, and T-Mobile’s virtual machine logs. The French multinational IT and consulting firm did not immediately respond to The Register’s request for comment, and has yet to formally confirm or ...