News

A case of mistaken identity. The problem is that packages in the standard Python library should originate only from their official source, rather than being downloaded from third-party ...
An initiative to remove outdated and unmaintained modules from Python’s standard library has been approved as Python Enhancement Proposal (PEP) 594. The modules being pruned are all antiquated ...
PyPI package 'ctx' and PHP library 'phpass' hijacked to obtain AWS keys. ... Python Package Index (PyPI) module 'ctx' is one of the packages in question, with over 20,000 downloads each week.
Python's ctx library and a fork of PHP's phpass have been compromised. 3 million users combined. The malicious code sends all the environment variables to a Heroku app, likely to mine AWS credentials.
Stealing SSH and GPG keys. According to Martini, the malicious code was present only in the jeIlyfish library. The python3-dateutil package didn't contain malicious code of its own, but it did ...