慢雾首席信息安全官 23pds 发推表示，月下载量高达 9700 万次的 Python AI 网关库 LiteLLM 遭遇 PyPI 供应链攻击，攻击者通过 pip install litellm 指令即可在用户设备上窃取敏感信息。可窃取的敏感数据包括：SSH 密钥、云服务凭据（AWS / GCP / Azure）、Kubernetes 配置文件、Git 凭据、环境变量中的 API 密钥、Shel ...

A threat actor has uploaded to the PyPI (Python Package Index) repository three malicious packages that carry code to drop info-stealing malware on developers' systems. The malicious packages, ...

A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code. The 12 packages have been discovered in two separate ...

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...

A newly uncovered malicious package on the Python Package Index (PyPI) has raised fresh concerns about the security of open source software repositories. The package, named “dbgpkg,” was discovered by ...

According to cybersecurity firm Hacken, financial losses from crypto hacks topped $440 million in the third quarter of 2024. Researchers at the Checkmarx cybersecurity firm sounded the alarm on a ...

NumPy (Numerical Python) is an open-source library for the Python programming language. It is used for scientific computing and working with arrays. Apart from its multidimensional array object, it ...