all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Warning: PyPI Feature Executes Code Automatically After Python Package Download

Add to bookmarks
Sept. 2, 2022, 10:21 a.m. | noreply@blogger.com (Ravie Lakshmanan)

The Hacker News thehackernews.com

In another finding that could expose developers to increased risk of a supply chain attack, it has emerged that nearly one-third of the packages in PyPI, the Python Package Index, trigger automatic code execution upon downloading them.
"A worrying feature in pip/PyPI allows code to automatically run when developers are merely downloading a package," Checkmarx researcher Yehuda Gelb said in a

code download package pypi python

Visit resource

More from thehackernews.com / The Hacker News

Hackers Target Middle East Governments with Evasive "CR4T" Backdoor an hour ago | thehackernews.com
backdoor campaign cybersecurity cybersecurity company +15
OfflRouter Malware Evades Detection in Ukraine for Almost a Decade 17 hours ago | thehackernews.com
analysis called cisco cisco talos +22
FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor 17 hours ago | thehackernews.com
auto auto industry automotive automotive industry +17
Recover from Ransomware in 5 Minutes—We will Teach You How! 20 hours ago | thehackernews.com
attack back can cdp +21
New Android Trojan 'SoumniBot' Evades Detection with Clever Tricks 21 hours ago | thehackernews.com
analysis android android trojan called +16
How to Conduct Advanced Static Analysis in a Malware Sandbox 21 hours ago | thehackernews.com
advanced analysis can dynamic +17
Global Police Operation Disrupts 'LabHost' Phishing Service, Over 30 Arrested Worldwide 21 hours ago | thehackernews.com
arrested as-a-service called crackdown +14
Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes 1 day, 1 hour ago | thehackernews.com
access april critical critical vulnerabilities +25
Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor 1 day, 2 hours ago | thehackernews.com
actor ads backdoor campaign +16

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Dir-Information Security - Cyber Analytics

@ Marriott International | Bethesda, MD, United States
View on infosec-jobs.com

Security Engineer - Security Operations

@ TravelPerk | Barcelona, Barcelona, Spain
View on infosec-jobs.com

Information Security Mgmt- Risk Assessor

@ JPMorgan Chase & Co. | Bengaluru, Karnataka, India
View on infosec-jobs.com

SAP CO Consultant

@ Atos | Istanbul, TR
View on infosec-jobs.com
View more jobs