all InfoSec news
Cloud Provider Credentials Targeted in New PyPI Malware Campaign
Oct. 10, 2023, 1:02 a.m. | Phylum Research Team
Phylum blog.phylum.io
Over the weekend, Phylum’s automated risk detection alerted us to a series of publications surrounding packages on PyPI, all purporting to be some kind of cloud provider SDK or helper package. While these packages do, in fact, provide the purported functionality, they also surreptitiously ship the credentials off
automated campaign cloud cloud provider credentials detection fact kind malware malware campaign package packages phylum publications pypi research risk sdk series ship weekend
More from blog.phylum.io / Phylum
Python Package Installation Attacks
3 days, 13 hours ago |
blog.phylum.io
Python Trojan Functions and Imports
3 days, 13 hours ago |
blog.phylum.io
Python Package Spoofing
3 days, 13 hours ago |
blog.phylum.io
Series: How Malicious Python Code Gains Execution
3 days, 13 hours ago |
blog.phylum.io
Nation-State Threat Actors Renew Publications to npm
4 days, 5 hours ago |
blog.phylum.io
Q1 2024 Evolution of Software Supply Chain Security Report
1 week, 5 days ago |
blog.phylum.io
Rust crate shipping xz backdoor
2 weeks, 2 days ago |
blog.phylum.io
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Associate Compliance Advisor
@ SAP | Budapest, HU, 1031
DevSecOps Engineer
@ Qube Research & Technologies | London
Software Engineer, Security
@ Render | San Francisco, CA or Remote (USA & Canada)
Associate Consultant
@ Control Risks | Frankfurt, Hessen, Germany
Senior Security Engineer
@ Activision Blizzard | Work from Home - CA