typosquat

  • An automated risk detection system identified a typosquatting campaign targeting popular Python libraries on PyPI. The attack came in two waves separated by a 20-hour break and deployed over 500 typo variations of names like requests, TensorFlow, and BeautifulSoup.


  • The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup. More software supply-chain security shenanigans: PyPI came under attack earlier, with more than 500 fake packages with similar names to popular ones. Scrotes unknown have been trying to steal cryptocurrency credentials and other secrets.
