Nearly a million victims hit by massive BogusBazaar campaign — credit card details stolen, but here’s how to stay safe

Almost a million people around the world have fallen victim to a highly organized fraud campaign, which scammed them out of some $50 million in the past couple of years. According to a report from SRLabs, a group of cyber-criminals, supported by a wider network of affiliates, were organized into a crime ring dubbed BogusBazaar. …

PyPI stops signing up new users to try and block malware campaign

Python Package Index (PyPI), the largest repository of Python packages, has once again been forced to suspend new account and new project registrations. Cybersecurity experts from both Checkmarx and Check Point observed a large-scale cyberattack in which threat actors tried to upload hundreds of malicious packages to the platform, in an attempt to compromise software …

Python devs are being targeted by this massive infostealing malware campaign

Cybersecurity researchers from Checkmarx have discovered a new infostealing campaign that leveraged typosquatting and stolen GitHub accounts to distribute malicious Python packages to the PyPI repository. In a blog post, Tal Folkman, Yehuda Gelb, Jossef Harush Kadouri, and Tzachi Zornshtain of Checkmarx said they discovered the campaign after a Python developer complained about falling victim …