Search cyberveille.decio.ch

Found 8 bookmarks

Newest

Malicious Go Binary Delivered via Steganography in PyPI

On May 10, 2024, Phylum’s automated risk detection platform alerted us to a suspicious publication on PyPI. The package was called requests-darwin-lite and appeared to be a fork of the ever-popular requests package with a few key differences, most notably the inclusion of a malicious Go binary packed into

#phylum #EN #2024 #Steganography #macOS #Go

·blog.phylum.io·May 14, 2024

Malicious Go Binary Delivered via Steganography in PyPI

Dozens of npm Packages Caught Attempting to Deploy Reverse Shell

On October 27, Phylum’s automated risk detection platform began alerting us to a series of suspicious publications on npm. Over the course of the following few days, we discovered a campaign involving at least 48 different publications. These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to

#phylum #EN #2023 #npm #Reverse #Shell #Supply-chain-attack

·blog.phylum.io·Nov 10, 2023

Dozens of npm Packages Caught Attempting to Deploy Reverse Shell

Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs - SecurityWeek

Malicious packages uploaded to PyPI, NPM, and Ruby repositories are targeting macOS users with information stealing malware.

#securityweek #EN #2023 #macos #phylum #PyPI #NPM #Ruby #Supply-Chain-Attack

·securityweek.com·Sep 6, 2023

Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs - SecurityWeek

Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers

Phylum has identified a malware campaign spanning PyPI, npm and RubyGems. Delivering early stage malware to users.

#phylum #EN #2023 #Supply-Chain-Attack #npm #PyPI #RubyGems #macOS

·blog.phylum.io·Sep 6, 2023

Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers

Phylum Detects Ongoing Typosquat/Ransomware Campaign in PyPI and NPM

Malicious packages that download ransomware binaries written in Golang published today, with more expected in the coming hours.

#phylum #EN #2022 #Typosquat #Ransomware #PyPI #NPM #Supply-chain-security

·blog.phylum.io·Dec 12, 2022

Phylum Detects Ongoing Typosquat/Ransomware Campaign in PyPI and NPM

Malicious packages that download ransomware binaries written in Golang published today, with more expected in the coming hours.

#phylum #EN #2022 #Typosquat #Ransomware #PyPI #NPM #Supply-chain-security

·blog.phylum.io·Dec 12, 2022

Phylum Detects Ongoing Typosquat/Ransomware Campaign in PyPI and NPM

Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack

Last week, our automated risk detection platform alerted us to suspicious activity in dozens of newly published PyPI packages. Here's what we uncovered.

#Phylum #EN #2022 #supplychain #PyPI #W4SP #Stealer #Attack

·blog.phylum.io·Nov 2, 2022

Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack

Last week, our automated risk detection platform alerted us to suspicious activity in dozens of newly published PyPI packages. Here's what we uncovered.

#Phylum #EN #2022 #supplychain #PyPI #W4SP #Stealer #Attack

·blog.phylum.io·Nov 2, 2022

Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack