all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Over 170K Users Affected by Attack Using Fake Python Infrastructure

Add to bookmarks
March 25, 2024, 11:05 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news


The Checkmarx Research team recently discovered an attack campaign targeting the software supply chain, with evidence of successful exploitation of multiple victims. These include the Top.gg GitHub organization (a community of over 170k users) and several individual developers. The threat actors used multiple TTPs in this attack, including account takeover via stolen browser cookies, contributing malicious code with verified commits, setting up a custom Python mirror, and publishing malicious packages to the PyPi registry. This blog will cover the attack …

account account takeover attack campaign checkmarx community developers exploitation fake github infrastructure organization python research software software supply chain supply supply chain takeover targeting team threat threat actors ttps

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

RSA Conference 2024 Preview: The Sessions to See This Year 14 minutes ago | malware.news
article brian conference episode +12
Senators Reprimand UnitedHealth CEO in Ransomware Hearing 14 minutes ago | malware.news
attack ceo change change healthcare +17
Prisma SASE 3.0 — Securing Work Where It Happens 54 minutes ago | malware.news
application coffee corporate corporate network +19
Deepfakes and AI-Driven Disinformation Threaten Polls 2 hours ago | malware.news
access article campaigns deepfakes +13
Malware development trick 38: Hunting RWX - part 2. Target process investigation tricks. Simple C/C++ … 2 hours ago | malware.news
cybersecurity development hackers hello +16
Beyond the Evidence: Leveraging Decision Intelligence to Drive Better Outcomes in Digital Forensics 2 hours ago | malware.news
beyond communications crime decision +18
Graph: Growing number of threats leveraging Microsoft API 3 hours ago | malware.news
api article blogs cloud +12
The Future of Passwordless Authentication in Cybersecurity 3 hours ago | malware.news
actions authentication biometric clicking +15
Vulnerability in CraftBeerPi 4 software 3 hours ago | malware.news
article cert cert polska cve +9

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Associate Manager, BPT Infrastructure & Ops (Security Engineer)

@ SC Johnson | PHL - Makati
View on infosec-jobs.com

Cybersecurity Analyst - Project Bound

@ NextEra Energy | Jupiter, FL, US, 33478
View on infosec-jobs.com

Lead Cyber Security Operations Center (SOC) Analyst

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com

Junior Information Security Coordinator (Internship)

@ Garrison Technology | London, Waterloo, England, United Kingdom
View on infosec-jobs.com

Sr. Security Engineer

@ ScienceLogic | Reston, VA
View on infosec-jobs.com
View more jobs