GigaTap articles tagged pypi.
- TeamPCP Turns Trusted Developer Channels Into Attack Paths - SANS reports TeamPCP activity across VS Code, PyPI, and npm, including a GitHub internal breach path, trojanized Microsoft SDK versions, and a large @antv
- TrapDoor turns developer tools into credential traps - A cross-ecosystem campaign is abusing npm, PyPI, and Crates.io packages to steal developer secrets, with a newer twist: AI assistant instruction files as p
- TrapDoor Shows How Package Malware Hunts Developer Secrets - Socket reports an active cross-registry campaign using npm, PyPI, and Crates.io packages to steal wallets, tokens, SSH keys, cloud credentials, and develop
- Elementary-data’s bad release: quick triage for Python teams - Chainguard says its customers were not impacted, but anyone who pulled elementary-data 0.23.3 from PyPI (or a related Docker Hub image) should investigate
- PyPI Fixed High-Severity Access Control Bugs Found in a Warehouse Security Audit - A Trail of Bits audit of PyPI’s Warehouse reported two high-severity access-control issues and an OIDC Trusted Publishing replay edge case. PyPI says it fi