Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal

go2damax March 15, 2025

Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as “time” related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens.
Software supply chain security firm ReversingLabs said it discovered two sets of packages totaling 20 of them. The packages

About The Author

go2damax

See author's posts

Post Views: 1

Categories

go2damax

Leave a Reply Cancel reply

Related Stories

Chinese Volt Typhoon Hackers Infiltrated US Electric Utility for Nearly a Year

Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk

WARNING: Expiring Root Certificate May Disable Firefox Add-Ons, Security Features, and DRM Playback

AF themes

You may have missed

Chinese Volt Typhoon Hackers Infiltrated US Electric Utility for Nearly a Year

WARNING: Expiring Root Certificate May Disable Firefox Add-Ons, Security Features, and DRM Playback

Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk

Modat launches premier product, Modat Magnify for Cybersecurity Professionals

About AF themes

Recent Posts

Connect with Us

About The Author

Leave a Reply Cancel reply

Related Stories

You may have missed