Hijacking of popular ctx and phpass packages reveals open source security gaps

The Python module “ctx” and a fork of the PHP library “phpass” have recently been modified by an unknown attacker to grab AWS credentials/keys and send them to a Heroku app. But what at first seemed like the work of a malicious actor turned out to be an exploit by a security researcher, who wanted to demonstrate how easy it is to take control of popular packages and the repositories hosting them. In this Help … More →

The post …

account hijacking ctx don't miss github hijacking hot stuff open source open source security php popular pypi python research security sonatype supply chain compromise video