PyPI paused as automated attack overwhelms admins
Malware Analysis, News and Indicators - Latest topics malware.news
PyPI came under attack from bots at the weekend. Bad actors were trying to submit malicious packages with names similar to established dependencies.
It’s yet another scary illustration of the fragility inherent in our software supply chains. In this week’s Secure Software Blogwatch, we look deeper.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: For Doom fans.
Python team needs a …