Bleeping Computer

Open source 'Package Analysis' tool finds malicious npm, PyPI packages

The Open Source Security Foundation (OpenSSF), a Linux Foundation-backed initiative has released its first prototype version of the 'Package Analysis' tool that aims to catch and counter malicious ...
InfoQ

Heuristic Static Analysis Tool GuardDog Used to Detect Several Malicious PyPi Packages

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
CSOonline

Attackers use Python compiled bytecode to evade detection

Newly discovered campaign takes advantage of the fact that most vulnerability scanning tools don't read compiled open-source software. Attackers who are targeting open-source package repositories like ...
Computer Weekly

PyPI loophole puts thousands of packages at risk of compromise

Thousands of applications that have taken advantage of open source Python Package Index (PyPI) software packages may be at risk of hijacking and subversion by malicious actors, opening up the ...