Dark Reading

'Blatantly Obvious': Spyware Offered to Cyberattackers via PyPI Python Repository

Researchers have discovered malware peddlers advertising an info-stealer out in the open on the Python Package Index (PyPI) — the official, public repository for the Python programming language — with ...
Infosecurity-magazine.com

Compromised AI Library Delivers Cryptocurrency Miner via PyPI

A compromised version of the popular ultralytics AI library has been found to deliver a cryptocurrency mining payload. ReversingLabs researchers traced the issue to a breach of the library’s build ...
Infosecurity-magazine.com

Malicious Package on PyPI Hides Behind Image Files, Spreads Via GitHub

A new malicious package has been found on the Python Package Index (PyPI) repository that could hide code in images with a steganographic technique and infect users through open-source projects on ...
Bleeping Computer

Fake VMware vConnector package on PyPI targets IT pros

A malicious package that mimics the VMware vSphere connector module ‘vConnector’ was uploaded on the Python Package Index (PyPI) under the name ‘VMConnect,’ targeting IT professionals. VMware vSphere ...