Bleeping Computer

Python Package Installation Can Trigger Malicious Code

Although there is nothing special about code executing on a machine, the moment when this code is executed is a significant detail from a security standpoint. The Python programming language allows ...
The Hacker News

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

The disclosure comes as HelixGuard discovered a malicious package in PyPI named "spellcheckers" that claims to be a tool for ...
TechRadar

New Lazarus Group campaign sees North Korean hackers spreading undetectable malware through GitHub and open source packages

Security researchers discovered malicious code in NPM packages and GitHub commits The code was linked to a Lazarus-operated account More than 200 victims were confirmed so far Lazarus Group, an ...
InfoWorld

GitHub launches GitHub Package Registry

GitHub has introduced the GitHub Package Registry, a package management service integrated into GitHub that allows developers to publish private or public packages next to their source code. GitHub ...
CSOonline

GitHub package limit put law firm in security bind

A cautionary tale of how a developer tool limit case could derail cybersecurity protections if not for quick thinking, public outreach, longtime relationships, and a vendor willing to listen and ...