Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data

April 5, 2025
No Comments

Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data

Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information.
Two of the packages, bitcoinlibdbfix and bitcoinlib-dev, masquerade as fixes for recent issues detected in a legitimate Python module called bitcoinlib, according to ReversingLabs. A third package discovered by Socket, disgrasya, contained a

Leave a Reply Cancel reply

A Comparative Analysis of Encryption Algorithms in Protecting Sensitive Data April 4, 2025
The proliferation of data breaches and cyberattacks has underscored the importance of robust data protection mechanisms. Encryption is a cornerstone of modern cybersecurity. It provides confidentiality, integrity, and authentication, safeguarding sensitive information from unauthorized access and manipulation. Existing literature extensively covers various aspects of encryption. Schneier’s “Applied Cryptography” (1996) provides a foundational understanding of cryptographic […]
Arfi Siddik Mollashaik
Policy Statement Sheds Light on Upcoming UK Cybersecurity Bill April 4, 2025
A recently released Policy Statement from the UK Secretary of State for the Department for Science, Innovation and Technology, Peter Kyle MP, has provided some guidance over what areas will be prioritized in the UK government’s Cyber Security and Resilience Bill. The Policy Statement focuses on three key areas: expanding the regulatory framework, empowering regulators, […]
Adam Parlett
Fast Flux: The Invisible Cyber Threat Undermining National Security April 4, 2025
Cybersecurity officials in the US, Australia, Canada, New Zealand, and the UK have collectively warned against a new cyber threat dubbed “fast flux.” This tactic is being used by hackers to hide malicious websites and avoid shutdown. What is Fast Flux? Fast flux is a method whereby malicious attackers quickly change the IP addresses that […]
Kirsten Doyle
Europe Hits the Brakes on GDPR: Plans to Slash Red Tape in the Works April 4, 2025
The European Union is preparing to dial back certain provisions of the General Data Protection Regulation (GDPR), one of its most widely known and complex tech legislations, reports Politico The intention is to lighten the regulatory load on businesses, particularly small and medium-sized enterprises (SMEs), and allow them to compete more effectively with those in the U.S., China, and elsewhere. The European Commission will present a proposal in coming weeks to simplify the GDPR. It is a part […]
Kirsten Doyle
Royal Mail Suffers Major Data Breach Involving 144GB of Leaked Files April 4, 2025
The Royal Mail Group, one of the UK’s oldest institutions, is in the hot seat, following an alleged data breach that exposed 144GB of internal and customer information. The leak was announced on 31 March 2025, by a hacker known as “GHNA” on the cybercrime platform Breach Forum. According to Hackread.com, the leaked archive contains […]
Kirsten Doyle
Massive Login Scanning Surge Targets Palo Alto GlobalProtect April 3, 2025
GreyNoise researchers have observed a dramatic surge in login scanning activity targeting Palo Alto Networks PAN-OS GlobalProtect portals. Over the last 30 days, almost 24,000 unique IP addresses have attempted to access these portals. The pattern suggests a coordinated effort to probe network defenses and identify exposed or vulnerable systems, potentially as a precursor to […]
Kirsten Doyle
CISA Warns of Major Vulnerabilities Found in Industrial Control Systems April 3, 2025
The Cybersecurity & Infrastructure Security Agency (CISA) has issued urgent alerts warning of multiple critical vulnerabilities affecting Industrial Control Systems (ICS), including Hitachi Energy MicroSCADA Pro/X SYS600 and Rockwell Automation Lifecycle Services with Veeam Backup and Replication. These security flaws, some remotely exploitable, could allow malicious actors to execute code, manipulate critical files, hijack sessions, […]
Kirsten Doyle
Hacking Verizon Call Records: A Security Breach with National Security Implications April 3, 2025
Security researcher Evan Connelly recently identified a security vulnerability in the Verizon Call Filter iOS app which made it possible for a malicious actor to leak call history logs of Verizon Wireless customers. Call logs can be highly valuable, particularly for nation-states, as they enable intelligence agencies to map social networks, track high-value targets, figure […]
Kirsten Doyle
Cybersecurity’s Greatest Threat Isn’t AI—It’s Us April 3, 2025
On 20 March 2025, I had the honor of moderating an amazing panel of experts during an event co-organized by JOIST Innovation Park, ISC2 Hellenic Chapter, Homo Digitalis, and Charisma Works. I am also grateful that the cybersecurity marketing agency Bora sponsored the event! It was a vivid discussion with the audience asking not only […]
Anastasios Arampatzis
The Ripple Effects of Maryland’s 3% Service Tax on IT Services April 2, 2025
Maryland‘s newly introduced 3% service tax on IT services has sparked significant debate among businesses and policymakers alike. While the tax aims to address the state’s $3.3 billion budget deficit, its implications for the tech industry and broader economy are profound. This tax directly impacts IT consulting, cybersecurity solutions, cloud computing, streaming services, and software […]
David Gilmore

Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data

SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack

North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages

Leave a Reply Cancel reply

[email protected]

Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data

Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data

Share :

Leave a Reply Cancel reply