10 malicious Python packages exposed in latest repository attack

Ars Technica

Quick Summary

Supply-chain attacks are moving GitHub toward digitally signed packages.

But trick packages have also been found in RubyGems in 2020, NPM in December 2021, and many more open source repositories.

Installing from PyPI through the pip command is a foundational step for starting or setting up many Python projects.


News Analysis

Author / Journalist: Kevin Purdy

Category: Technology

Topics: Supply chain attack, Tech, Malware, npm, Security, GitHub, Software supply chain attack, PyPI, Sigstore, Python

Source Website Secure: Yes (HTTPS)

Sentiment: Negative

Fact Checked: Legitimate

Article Type: News Report

News Source URL: arstechnica.com

Readership Location: United States

Published Date: 2022-08-09, 18:01:33

News Timezone: GMT -5:00

Language: English

Original Article Length: 212 words

Reading Duration: 2 minutes read

Compatibility: Desktop Web, Mobile Web, iOS App, Android App

News ID: 1515488

About Publisher

Name: Ars Technica

Main Topics: Technology

Official Website: arstechnica.com

Update Frequency: 10 posts per day

Last Update: 15h ago

Headquarters: United States

Coverage Areas: United States

Publication Owner: Independent Company

Publication Timezone: GMT -5:00

Languages Covered: English

RSS Feed: Available (XML)

API Available: Yes

Website Security: Secure (HTTPS)

Publisher ID: #59
