DevBleepingComputerabout 2 hours ago

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

1 min read

Hackers compromised 19 PyPI packages, including bioinformatics tools Dynamo and CoolBox, in the Shai-Hulud supply-chain attack. The malware uses a.pth file and obfuscated JavaScript to steal developer secrets, with execution triggered simply by starting Python. Socket discovered the campaign, which now totals 453 malicious artifacts.

Level

Hype check

Tap to vote and see what everyone thinks.

#pypi #supply-chain #malware

Read full story

More to chew on!

Techabout 6 hours ago

'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

AIabout 2 hours ago

Microsoft open source tools hacked to steal passwords