「Popular Python and PHP libraries hijacked to steal AWS keys」

PyPI module 'ctx' that gets downloaded over 20,000 times a week has been compromised in a software supply chain attack with malicious versions stealing the developer's environment variables. Additionally, versions of a 'phpass' fork published to the PHP/Composer package repository Packagist had been altered to steal secrets.

PyPI module 'ctx' that gets downloaded over 20,000 times a week has been compromised in a software supply chain attack with malicious versions stealing the developer's environment variables. Additionally, versions of a 'phpass' fork published to the PHP/Composer package repository Packagist had been altered to steal secrets.

www.bleepingcomputer.com

Webページ

コンテンツ文字数:0 文字

見出し数(H2/H3タグ):0 個

閲覧数:103 件

2022-05-25 17:09:00

オリジナルページを開く

B!

タグ一覧
Popular
Python
and
PHP
libraries
hijacked
to
steal
AWS
keysPyPI
module
'ctx'
that
gets
downloaded
over
20
000
times
week
has
been
compromised
in
software
supply
chain
attack
with
malicious
versions
stealing
the
developer's
environment
variables
Additionally
of
'phpass'
fork
published
Composer
package
repository
Packagist
had
altered
secrets
keysPython
library
uploads
Heroku
endpoint
credentials