Malicious PyPI Packages Drop Malware in Supply Chain Attack
Attacks on Software Supply Chains To Increase in Severity in 2023: Report - Spiceworks
Apiiro's AI engine detected a software supply chain attack in PyPI
Python's PyPI registry suffers another supply-chain attack - Security - Software - iTnews
Actors behind PyPI supply chain attack have been active since late 2021 | Ars Technica
Finding malicious PyPI packages through static code analysis: Meet GuardDog | Datadog Security Labs
Dependency confusion attack mounted via PyPi repo exposes flawed package installer behavior | The Daily Swig
PyPI packages hijacked after developers fall for phishing emails
Supply Chain Attack: CTX and PHPass | Orca Research Pod
PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks - SentinelOne
Supply Chain Attack Using Identical PyPI Packages, “colorslib”, “httpslib”, and “libhttps” | FortiGuard Labs
Supply Chain Attack Using Identical PyPI Packages Spotted
Supply Chain Attack Detected in PyPI Library
How to secure your Python software supply chain - Artefact
W4SP continues to nest in PyPI: Same supply chain attack, different distribution method
New malicious packages in PyPI: What it means for securing open source repositories
The Python 2 Threat in Your Supply Chain Is Real
Software Supply Chain Attacks, Part 2 | Debricked
PyPI and npm Flooded With Over 5,000 Dependency Confusion Copycats
Chris R. on LinkedIn: Supply Chain Attack Using Identical PyPI Packages, “colorslib”…
Avoid Supply Chain Attacks From Dependency Confusion or Namesquatting
More Supply Chain Attacks via New Malicious Python Packages in PyPi | Fortinet Labs
Supply Chain Attack Using Identical PyPI Packages Spotted
