The malicious packages were disguised as legitimate Python packages. They have since been removed from PyPI, but they were downloaded over 3,000 times before removal, so potentially thousands of systems were compromised.
In July, a security anomaly surfaced when atypical commits, disguised as Dependabot contributions, were detected in numerous GitHub repositories. On closer examination, these commits were found to contain malicious code, raising serious concerns within the developer community.

Diving into Details

Threat actors meticulously fabricated commit messages to mimic Dependabot's automated contributions in order to mask the malicious […]
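A fabricated commit message is cheap to produce, but the author identity behind a genuine Dependabot commit is not: GitHub's Dependabot commits carry the `dependabot[bot]` author name, its fixed `users.noreply.github.com` address, and GitHub's own signature. The following detection script is an added example, not code from the original article or from any of the affected repositories. It parses `git log` output in a custom delimited format and flags commits whose subject or author name looks like Dependabot but whose email or signature status does not match. The sample log lines are constructed for the example; the noreply address is the one GitHub uses for the `dependabot[bot]` account and should be confirmed against a known-good Dependabot commit in your own repository.

```python
import re
from dataclasses import dataclass

# Identity GitHub uses for genuine Dependabot commits (confirm against your own repo).
DEPENDABOT_LOGIN = "dependabot[bot]"
DEPENDABOT_EMAIL = "49699333+dependabot[bot]@users.noreply.github.com"

# Typical Dependabot subjects: "Bump <pkg> from <old> to <new>",
# optionally prefixed with a conventional-commit scope such as "build(deps): ".
DEPENDABOT_SUBJECT = re.compile(
    r"^(?:\w+\([\w-]+\):\s*)?bump\s+\S+\s+from\s+\S+\s+to\s+\S+", re.IGNORECASE
)

# Produce this format with:
#   git log --format='%H%x1f%an%x1f%ae%x1f%G?%x1f%s'
# %G? is git's signature status: G = good signature, N = no signature, B = bad, etc.
FIELD_SEP = "\x1f"


@dataclass
class Commit:
    sha: str
    author_name: str
    author_email: str
    signature_status: str
    subject: str


def parse_git_log(text: str) -> list[Commit]:
    """Parse one commit per line from the delimited git log format above."""
    commits = []
    for line in text.strip().splitlines():
        sha, name, email, sig, subject = line.split(FIELD_SEP, 4)
        commits.append(Commit(sha, name, email, sig, subject))
    return commits


def looks_like_dependabot(c: Commit) -> bool:
    """True if the commit presents itself as Dependabot by name or message."""
    return c.author_name == DEPENDABOT_LOGIN or bool(DEPENDABOT_SUBJECT.match(c.subject))


def is_genuine_dependabot(c: Commit) -> bool:
    """True only when name, email and a good signature all agree."""
    return (
        c.author_name == DEPENDABOT_LOGIN
        and c.author_email == DEPENDABOT_EMAIL
        and c.signature_status == "G"
    )


def find_impostors(commits: list[Commit]) -> list[Commit]:
    """Commits that imitate Dependabot without the real identity behind them."""
    return [c for c in commits if looks_like_dependabot(c) and not is_genuine_dependabot(c)]


# Constructed sample log: one genuine commit, two impostors, one unrelated commit.
SAMPLE_LOG = (
    "a1b2c3" + FIELD_SEP + "dependabot[bot]" + FIELD_SEP + DEPENDABOT_EMAIL
    + FIELD_SEP + "G" + FIELD_SEP + "Bump lodash from 4.17.20 to 4.17.21\n"
    "d4e5f6" + FIELD_SEP + "dependabot[bot]" + FIELD_SEP + "dev@example.com"
    + FIELD_SEP + "N" + FIELD_SEP + "Bump requests from 2.28.0 to 2.31.0\n"
    "0a1b2c" + FIELD_SEP + "dependabot" + FIELD_SEP + "dependabot@users.noreply.github.com"
    + FIELD_SEP + "N" + FIELD_SEP + "build(deps): bump axios from 0.21.1 to 0.21.2\n"
    "f00ba7" + FIELD_SEP + "Alice" + FIELD_SEP + "alice@example.com"
    + FIELD_SEP + "G" + FIELD_SEP + "Fix typo in README\n"
)


if __name__ == "__main__":
    for c in find_impostors(parse_git_log(SAMPLE_LOG)):
        print(f"{c.sha} {c.author_name} <{c.author_email}> sig={c.signature_status}: {c.subject}")
```

Note that `%G?` only reports `G` when GitHub's web-flow signing key is in the local keyring; on a fresh clone every Dependabot commit shows `N` and the signature check alone would flag all of them, so import the key first or drop that clause and rely on the email check. Author name and email are trivially forgeable in a stolen-token push, which is why the signature is the strongest of the three signals.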