all InfoSec news
Python packages upload your AWS keys, env vars, secrets to the web
Security Boulevard securityboulevard.com
Last week, Sonatype discovered multiple Python packages that not only exfiltrate your secrets—AWS credentials and environment variables but rather upload these to a publicly exposed endpoint.
These packages were discovered by Sonatype's automated malware detection system, offered as a part of Nexus platform products, including Nexus Firewall. On a further review, we deemed these packages malicious and reported them to PyPI.
The post Python packages upload your AWS keys, env vars, secrets to the web appeared first on Security …
aws devzone featured keys malware prevention nexus firewall pypi python secrets the web vulnerabilities web