all InfoSec news
This Week in Malware—Malicious 'Distutil' and Spring4Shell active exploitation
Sonatype Blog blog.sonatype.com
This week in malware we have a lot to go over. A mysterious 'Distutil' Python library found on the PyPI repository, active Spring4Shell exploitation by threat actors deploying crypto-miners, ProxyShell exploits targeting Microsoft Exchange servers, an open source utility claiming to add Google Play store to PCs but containing obfuscated malware, ongoing dependency confusion attempts, and last but not the least, the GitHub OAuth tokens compromise, that impacted a dozen organizations including npm.
dependency confusion devzone exploitation github malicious malware nexus firewall spring4shell this week in malware vulnerabilities