Popular PyPI Package ‘ctx’ and PHP Library ‘phpass’ Hijacked to Steal AWS Keys
Two trojanized Python and PHP packages have been uncovered in what’s yet another instance of a software supply chain attack targeting the open source ecosystem.
One of the packages in question is “ctx,” a Python module available in the PyPI repository. The other involves “phpass,” a PHP package that’s been forked on GitHub to distribute a rogue update.
“In both cases the attacker appears to have
https://thehackernews.com/2022/05/pypi-package-ctx-and-php-library-phpass.html