Source |
Security Affairs |
Identifiant |
5384302 |
Date de publication |
2022-06-25 17:52:29 (vue: 2022-06-25 18:05:17) |
Titre |
Multiple malicious packages in PyPI repository found stealing AWS secrets |
Texte |
>Researchers discovered multiple malicious Python packages in the official PyPI repository stealing AWS credentials and other info. Sonatype researchers discovered multiple Python packages in the official PyPI repository that have been developed to steal secrets (i.e. AWS credentials and environment variables) and also upload these to a publicly exposed endpoint. The malicious packages, which were […]
|
Envoyé |
Oui |
Condensat |
>researchers also aws been credentials developed discovered endpoint environment exposed found have info malicious multiple official other packages publicly pypi python repository researchers secrets sonatype steal stealing these upload variables which |
Tags |
|
Stories |
|
Notes |
|
Move |
|