The Hacker News6 天
This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions
Malicious PyPI package set-utils steals Ethereum private keys, exfiltrating them via Polygon RPC to evade detection.
PyPi package with 100K installs pirated music from Deezer for years
A malicious PyPi package named 'automslc' has been downloaded over 100,000 times from the Python Package Index since 2019, ...
Ethereum private key stealer on PyPI downloaded over 1,000 times
A malicious Python Package Index (PyPI) package named "set-utils" has been stealing Ethereum private keys through intercepted wallet creation functions and exfiltrating them via the Polygon blockchain ...
SecurityWeek1 天
Beware of DeepSeek Hype: It’s a Breeding Ground for Scammers
The rise of DeepSeek brought immense potential for innovation and growth, but has also created opportunities for scammers to ...
来自MSN11 个月
PyPI stops signing up new users to try and block malware campaign
Python Package Index (PyPI), the largest repository of Python packages, has once again been forced to suspend new account and new project registrations. Cybersecurity experts from both Checkmarx ...
Developer Tech7 天
Python package ‘set-utils’ targets Ethereum wallets
A malicious package designed to steal private keys for Ethereum wallets has been uncovered within the Python Package Index ...
来自MSN2 个月
AWS keys stolen by malicious PyPI package with thousands of downloads
Researchers discover three-year old malicious package in PyPI The package is a typosquatted version of Fabric, with 37,000 downloads Its goal is to steal AWS login credentials from the developers ...