PyPI package ‘ctx’ and PHP library ‘phpass’ compromised to steal environment variables | allinfosecnews.com

May 24, 2022, 9:53 a.m. | Ax Sharma

Security Boulevard securityboulevard.com

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

The post PyPI package ‘ctx’ and PHP library ‘phpass’ compromised to steal environment variables appeared first on Security Boulevard.

compromised devzone environment featured firewall library malware prevention network security package php pypi pypi vulnerability vulnerabilities

More from securityboulevard.com / Security Boulevard

USENIX Security ’23 – UVSCAN: Detecting Third-Party Component Usage Violations in IoT Firmware 8 hours ago | securityboulevard.com

access authors conference events +15

Understanding Cybersecurity Vulnerabilities 10 hours ago | securityboulevard.com

advice attacks can cybersecurity +12

Bridging the Gap: Uniting Development and AppSec 11 hours ago | securityboulevard.com

application security appsec aspm bridging the gap +20

USENIX Security ’23 – Union Under Duress: Understanding Hazards of Duplicate Resource Mismediation in Android … 12 hours ago | securityboulevard.com

access android authors conference +20

Agile by Design: Cybersecurity at the Heart of Transformation 13 hours ago | securityboulevard.com

agile blog business can +25

Cybersecurity Insights with Contrast CISO David Lindner | 4/26/24 14 hours ago | securityboulevard.com

ai analytics & intelligence artificial intelligence audio +26

Segregation of Duties Remediation in Oracle ERP Cloud 14 hours ago | securityboulevard.com

actions articles cloud digital +14

Fix SPF Permerror: Overcome SPF Too Many DNS Lookups Limit 15 hours ago | securityboulevard.com

authentication cybersecurity deliverability dns +6

Announcing the General Availability of TitaniumScale v5.0: Enhancing File Analysis for Advanced Threat Detection 15 hours ago | securityboulevard.com

advanced advanced threat advanced threat detection analysis +23

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Security Engineer 2

@ Oracle | BENGALURU, KARNATAKA, India

View on infosec-jobs.com

Oracle EBS DevSecOps Developer

@ Accenture Federal Services | Arlington, VA

View on infosec-jobs.com

Information Security GRC Specialist - Risk Program Lead

@ Western Digital | Irvine, CA, United States

View on infosec-jobs.com

Senior Cyber Operations Planner (15.09)

@ OCT Consulting, LLC | Washington, District of Columbia, United States

View on infosec-jobs.com

AI Cybersecurity Architect

@ FactSet | India, Hyderabad, DVS, SEZ-1 – Orion B4; FL 7,8,9,11 (Hyderabad - Divyasree 3)

View on infosec-jobs.com