Recently, security researcher Alex Birsan published a novel supply-chain attack, detailing how dependency confusion (or "name-squatting") in package managers can be abused to execute malicious code on production and development systems. In short, most package managers, such as pip and npm, do not distinguish between internal packages (hosted on internal company servers) and external ones (hosted on public servers). [...] https://www.vdoo.com/blog/python-wheel-jacking-supply-chain-attacks
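As a defender-side illustration of the point above, the following added example (not code from the linked article) audits a pip configuration and requirements file for internal package names that pip could resolve from a public index. The index URLs, package names and hash value are constructed; the assumptions are that pypi.org is the only public index in use and that a `--hash=` pin counts as protected.

```python
import configparser
import re
from urllib.parse import urlparse

PUBLIC_HOSTS = {"pypi.org"}  # assumption: the only public index in use

def normalize(name):
    """PEP 503 normalization, so 'Acme_Utils' and 'acme-utils' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def consulted_indexes(pip_conf_text):
    """Every index pip will query; pip gives none of them priority."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(pip_conf_text)
    # pip falls back to the public PyPI index when index-url is unset.
    primary = cp.get("global", "index-url", fallback="https://pypi.org/simple")
    extras = cp.get("global", "extra-index-url", fallback="").split()
    return [primary] + extras

def exposed_requirements(pip_conf_text, requirements_text, internal_names):
    """Internal packages that could be satisfied from a public index."""
    indexes = consulted_indexes(pip_conf_text)
    if not any(urlparse(u).hostname in PUBLIC_HOSTS for u in indexes):
        return []  # only private indexes are queried
    internal = {normalize(n) for n in internal_names}
    exposed = []
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()       # drop comments
        if not line or line.startswith("-"):       # skip blank lines and options
            continue
        name = normalize(re.split(r"[\s\[<>=!~;@]", line, maxsplit=1)[0])
        # A --hash pin makes pip reject any file that is not the expected one.
        if name in internal and "--hash=" not in line:
            exposed.append(name)
    return exposed

# Constructed sample input (hypothetical hosts and package names).
WEAK_CONF = ("[global]\nindex-url = https://pypi.org/simple\n"
             "extra-index-url = https://pkgs.internal.example/simple\n")
FIXED_CONF = "[global]\nindex-url = https://pkgs.internal.example/simple\n"
REQS = ("requests==2.31.0\n"
        "Acme_Utils>=1.2   # internal\n"
        "acme-billing==3.0.1 --hash=sha256:<placeholder>\n")
INTERNAL = ["acme-utils", "acme-billing"]

if __name__ == "__main__":
    print("weak config :", exposed_requirements(WEAK_CONF, REQS, INTERNAL))
    print("fixed config:", exposed_requirements(FIXED_CONF, REQS, INTERNAL))
```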