Bleeping Computer

Malicious PyPI packages abuse Gmail, websockets to hijack systems

Seven malicious PyPi packages were found using Gmail's SMTP servers and WebSockets for data exfiltration and remote command execution. The packages were discovered by Socket's threat research team, ...
Bleeping Computer

SSH keys stolen by stream of malicious PyPI and npm packages

A stream of malicious npm and PyPi packages have been found stealing a wide range of sensitive data from software developers on the platforms. The campaign started on September 12, 2023, and was first ...