Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems
The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of infecting developer systems with malware.
The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib, and swapmempool. They have been collectively downloaded 3,269 times, with pycryptoconf accounting for the most
2024-02-29 08:17:00
Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions
Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics Read more…
0 Comments