Sonatype detected several malicious Python packages on the PyPI repository that have been stealing sensitive information, including AWS credentials, and uploading it to publicly exposed endpoints. Sonatype has reported the malicious packages to PyPI; the packages have been removed from the repository. More https://blog.sonatype.com/python-packages-upload-your-aws-keys-env-vars-secrets-to-web
Malicious Python Packages Uploaded Data to Publicly Exposed Endpoints
- Post author:System
- Post published:29 June 2022
- Post category:Blog & News