all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Popular PyPI Package 'ctx' and PHP Library 'phpass' Hijacked to Steal AWS Keys

Add to bookmarks
May 26, 2022, 2:35 a.m. | noreply@blogger.com (Ravie Lakshmanan)

The Hacker News thehackernews.com

Two trojanized Python and PHP packages have been uncovered in what's yet another instance of a software supply chain attack targeting the open source ecosystem.
One of the packages in question is "ctx," a Python module available in the PyPi repository. The other involves "phpass," a PHP package that's been forked on GitHub to distribute a rogue update.
"In both cases the attacker appears to have

aws ctx hijacked keys library package php popular pypi

Visit resource

More from thehackernews.com / The Hacker News

Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack 6 hours ago | thehackernews.com
alto attack bugs critical +22
Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks 6 hours ago | thehackernews.com
attacks can critical critical update +25
BlackTech Targets Tech, Research, and Gov Sectors New 'Deuterbear' Tool 22 hours ago | thehackernews.com
actor asia attack backdoor +15
How Attackers Can Own a Business Without Touching the Endpoint 1 day ago | thehackernews.com
apps attack attackers attack techniques +14
Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers 1 day, 1 hour ago | thehackernews.com
akira akira ransomware america businesses +19
Hackers Target Middle East Governments with Evasive "CR4T" Backdoor 1 day, 5 hours ago | thehackernews.com
backdoor campaign cybersecurity cybersecurity company +15
OfflRouter Malware Evades Detection in Ukraine for Almost a Decade 1 day, 21 hours ago | thehackernews.com
analysis called cisco cisco talos +22
FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor 1 day, 22 hours ago | thehackernews.com
auto auto industry automotive automotive industry +17
Recover from Ransomware in 5 Minutes—We will Teach You How! 2 days ago | thehackernews.com
attack back can cdp +21

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Security Officer Level 1 (L1)

@ NTT DATA | Virginia, United States of America
View on infosec-jobs.com

Alternance - Analyste VOC - Cybersécurité - Île-De-France

@ Sopra Steria | Courbevoie, France
View on infosec-jobs.com

Senior Security Researcher, SIEM

@ Huntress | Remote US or Remote CAN
View on infosec-jobs.com

Cyber Security Engineer Lead

@ ASSYSTEM | Bridgwater, United Kingdom
View on infosec-jobs.com
View more jobs