all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Series: How Malicious Python Code Gains Execution

Add to bookmarks
April 24, 2024, 6:11 p.m. | Charles Coggins

Phylum blog.phylum.io

The primary vector for malicious code running in software developer environments (e.g., local system, CI/CD runners, production servers, etc.) is software dependencies. This is third-party code which often means open-source software, also known as running code from strangers on the internet.

The prized goal for attackers is arbitrary

attackers code dependencies developer environments etc gains goal insights and resources internet local malicious open-source software party production python runners running series servers software software developer system third third-party

Visit resource

More from blog.phylum.io / Phylum

Devious Python Build Requirements 4 days, 10 hours ago | blog.phylum.io
arbitrary code attackers build code +5
Python Package Installation Attacks 1 week, 2 days ago | blog.phylum.io
attackers attacks back code +14
Python Trojan Functions and Imports 1 week, 2 days ago | blog.phylum.io
calling code concept functions +10
Python Package Spoofing 1 week, 2 days ago | blog.phylum.io
authors code developers foundation +18
Series: How Malicious Python Code Gains Execution 1 week, 2 days ago | blog.phylum.io
attackers code dependencies developer +21
Nation-State Threat Actors Renew Publications to npm 1 week, 3 days ago | blog.phylum.io
apts attack back blog +18
Enterprise Strategy Group Report: The Growing Complexity of Securing the Software Supply Chain 2 weeks, 3 days ago | blog.phylum.io
america called complexity developer +21
Q1 2024 Evolution of Software Supply Chain Security Report 2 weeks, 4 days ago | blog.phylum.io
cve cves exploited in the wild +17
Rust crate shipping xz backdoor 3 weeks, 1 day ago | blog.phylum.io
attack backdoor compression engineer +11

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Principal Security Engineer

@ Elsevier | Home based-Georgia
View on infosec-jobs.com

Infrastructure Compliance Engineer

@ NVIDIA | US, CA, Santa Clara
View on infosec-jobs.com

Information Systems Security Engineer (ISSE) / Cybersecurity SME

@ Green Cell Consulting | Twentynine Palms, CA, United States
View on infosec-jobs.com

Sales Security Analyst

@ Everbridge | Bengaluru
View on infosec-jobs.com

Alternance – Analyste Threat Intelligence – Cybersécurité - Île-de-France

@ Sopra Steria | Courbevoie, France
View on infosec-jobs.com

Third Party Cyber Risk Analyst

@ Chubb | Philippines
View on infosec-jobs.com
View more jobs