The Register on MSN

New string of phishing attacks targets Python developers

If you recently got an email asking you to verify your credentials to a PyPI site, better change that password The Python Software Foundation warned users of a new string of phishing attacks using a ...
Bleeping Computer

PyPI now blocks domain resurrection attacks used for hijacking accounts

The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets. PyPI is the official repository for ...
CSOonline

What is a dictionary attack? And how you can easily stop them

A dictionary attack is a brute-force technique where attackers run through common words and phrases, such as those from a dictionary, to guess passwords. The fact people often use simple, ...
How-To Geek on MSN

Python Package Index Responds to Malware Attack by Invalidating Tokens

The Python Package Index (PyPI), run by the Python Software Foundation, has officially invalidated all the publishing tokens that were stolen in the GhostAction supply chain attack that happened ...
Bleeping Computer

Popular Python and PHP libraries hijacked to steal AWS keys

PyPI module 'ctx' that gets downloaded over 20,000 times a week has been compromised in a software supply chain attack with malicious versions stealing the developer's environment variables. The ...