PyPI Malware Exploits Instagram Growth Tools to Harvest Credentials
Pulse ID: 68496f698c9d93ca338f0790
Pulse Link: https://otx.alienvault.com/pulse/68496f698c9d93ca338f0790
Pulse Author: cryptocti
Created: 2025-06-11 11:58:33
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #Instagram #Malware #OTX #OpenThreatExchange #PyPI #bot #cryptocti
#NPM: New Supply Chain #Malware Hits NPM and #PyPI Package Ecosystems. #ReactNative-Aria & #GlueStack packages with cumulative 1mln+ weekly downloads backdoored overnight - check your dependencies!
#SoftwareSupplyChainSecurity
👇
https://thehackernews.com/2025/06/new-supply-chain-malware-operation-hits.html
Paquetes maliciosos de #PyPI, #npm y #Ruby se han encontrado en ataques continuos a la #supplychain de código abierto
https://blogs.masterhacks.net/noticias/hacking-y-ciberdelitos/paquetes-maliciosos-de-pypi-npm-y-ruby-se-encontraron-en-ataques-continuos-a-la-cadena-de-suministro-de-codigo-abierto/
No i mamy kolejny powód, żeby nie używać #PythonPoetry. Właśnie wynaleźli na nowo "reproducible build", i wyszło jak zwykle. Całkiem przeoczyli cały sens tego pomysłu, i zaczęli wymuszać znaczniki czasu na plikach w archiwach źródłowych. A do tego, jak SOURCE_DATE_EPOCH nie jest ustawione, to zamiast wyłączać tę funkcję, wymuszają znacznik zerowy.
Tak więc wszystkie archiwa sdist tworzone przez Poetry i wrzucane na #PyPI dziś mają daty z roku 1970, co powoduje przypadkowe problemy. A najbardziej absurdalne w tym jest to, że ZIP nie obsługuje takich dat, więc kiedy tworzą archiwa binarne wheel, to nadpisuję tę datę inną przypadkową datą 🤦.
New reason not to use #PythonPoetry just dropped: they reinvented "reproducible builds", poorly. The problem is, they missed the purpose of reproducible builds entirely and they use it for source distributions too, and when you don't use SOURCE_DATE_EPOCH, they force all files to epoch (as in timestamp 0) instead of leaving them alone.
Like, all source distributions created by Poetry and uploaded to #PyPI now have 1970 timestamps that, simply speaking, break stuff. The most absurd thing is that ZIP can't handle that timestamp, so they override it and use another date for wheels 🤦.
Fake Solana Tool on PyPI Used to Steal Source Code
Pulse ID: 6840208305b1b70ff9ee75fa
Pulse Link: https://otx.alienvault.com/pulse/6840208305b1b70ff9ee75fa
Pulse Author: cryptocti
Created: 2025-06-04 10:31:31
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #OTX #OpenThreatExchange #PyPI #RCE #bot #cryptocti
You want to use a #StaticSiteGenerator and need to support #multilingual sites? It’s now easier than ever! For quite a while, #Pelican had a great plugin for that use case. Now I helped migrate it to the new plugin format, which means that it can easily be installed from #PyPI. https://github.com/pelican-plugins/i18n-subsites #MultilingualDH #MinimalComputing
PyPI Supply Chain Attack Uncovered: Colorama and Colorizr Name Confusion
A malicious package campaign targeting Python and NPM users on Windows and Linux has been discovered. The attack uses typo-squatting and name-confusion tactics against the popular colorama Python package and the similar colorizr JavaScript package. Multiple packages with risky payloads were uploaded to PyPI, using names similar to legitimate packages in both PyPI and NPM. The unusual tactic of using an NPM package name to attack PyPI users was observed. The payloads allow remote access, control of desktops and servers, and exfiltration of sensitive data. Windows payloads attempt to bypass antivirus protection. The campaign's sophistication suggests targeted adversarial activity, although attribution remains unclear.
Pulse ID: 683e1f7f063d60138cc2ccf6
Pulse Link: https://otx.alienvault.com/pulse/683e1f7f063d60138cc2ccf6
Pulse Author: AlienVault
Created: 2025-06-02 22:02:39
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Colorama #CyberSecurity #ICS #InfoSec #Java #JavaScript #Linux #NPM #OTX #OpenThreatExchange #PyPI #Python #RAT #SupplyChain #Windows #bot #AlienVault
@brunopostle I don't know about the relevance of #gbXML , beside it being used by #energyplus / #OpenStudio . From the thesis of MGVisschers, I get the impression that the format is supposed by all building energy simulation software. And I've seen there is already a well developed gbxml package on #pypi . To me, it seems obvious there should be a developed package for conversion between #IFC and gbxml.
@brunopostle I thought we could start a discussion here on the development of a Python package for IFC-to-gbXML-conversion, with the aim of making it available on PyPI and Conda. By having the discussion here, we might attract the interest of other contributors.
You've already done great work on your fork of MSVisschers' original repo. For reference, I'll link to your repo here: https://github.com/brunopostle/IFC-to-gbXML-converter
There is now a #gitAnnex package on #PyPi: https://pypi.org/project/git-annex/
This should make it simpler to deploy git-annex in Python virtual environments, also as versioned dependencies for software like #Datalad
Packages are built for Linux, Windows, and Mac via GitHub actions: https://github.com/psychoinformatics-de/git-annex-wheel/
Contributions to cover more platforms are most welcome!
🚨 Hackers are hiding malware inside AI/ML models on PyPI, targeting #AlibabaAILabs users. Malicious packages dropped infostealers through infected Pickle files.
Read: https://hackread.com/malware-ai-models-pypi-targets-alibaba-ai-labs-users/
Malicious attack method on hosted ML models now targets PyPI
A new malicious campaign has been discovered targeting the Python Package Index (PyPI) by exploiting the Pickle file format in machine learning models. Three malicious packages posing as an Alibaba AI Labs SDK were detected, containing infostealer payloads hidden inside PyTorch models. The packages exfiltrate information about infected machines and .gitconfig file contents. This attack demonstrates the evolving threat landscape in AI and machine learning, particularly in the software supply chain. The campaign likely targeted developers in China and highlights the need for improved security measures and tools to detect malicious functionality in ML models.
Pulse ID: 68343195f3f6c6e7a2fde462
Pulse Link: https://otx.alienvault.com/pulse/68343195f3f6c6e7a2fde462
Pulse Author: AlienVault
Created: 2025-05-26 09:17:09
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#China #CyberSecurity #InfoSec #InfoStealer #Mac #OTX #OpenThreatExchange #PyPI #Python #RAT #SupplyChain #bot #developers #AlienVault
I enjoyed writing my first blog post last weekend, so I thought I'd write another one. This one is about a #bash script that became a #Python script and is now a package. All because I was too lazy to label plates and tubes in the lab by hand. The post is mostly about the history and motivation behind the package, i.e. the stuff that does't really fit into the README
@miketheman @pycon @ThePSF It was great brainstorming that with you and the @trailofbits folks (cc @yossarian et al.) at #PyConUS
🚨 Researchers uncovered malicious PyPI packages exploiting Instagram & TikTok APIs to validate stolen emails! These tools help attackers confirm accounts for doxing, spam, or credential stuffing. Stay alert, devs! Full story: https://thehackernews.com/2025/05/malicious-pypi-packages-exploit.html #CyberSecurity #PyPI #InfoSec 🔒🐍 #newz
Malicious Python #PyPI Packages Exploit Instagram and TikTok APIs to Validate Stolen User Accounts:
👇
https://thehackernews.com/2025/05/malicious-pypi-packages-exploit.html
#Python #Wikipedia library on #PyPi is currently broken. I was gonna do a crawl with it starting with "Earth" and then getting all pages linked from there and all from those, etc.
Unfortunately, "Earth" returns the page for "Death" instead. Every single time.
The next thing I tried I forget but it failed entirely. But Earth maps to Death in the library always right now.
#Wikipedia-api library works though.
Now #golang has a supply chain security problem.
Github actions, terraform, go.... hmm, what do we got in common here.. treating git endpoints as trusted. But git endpoints can't have any central authority to check for malicious code! At least at #pypi you can report a package as malicious.
https://www.youtube.com/watch?v=EyO_SMl2YBk&ab_channel=CodeHead
