Threat actors are utilizing an attack called "Revival Hijack," where they register new PyPI projects using the names of previously deleted packages to conduct supply chain attacks.
-
Revival Hijack supply-chain attack threatens 22,000 PyPI packages
BleepingComputer (www.bleepingcomputer.com)
-
VessOnSecurity replied to BleepingComputer
@BleepingComputer How exactly did JFrog get a list of the deleted packages? A link to the original research would be nice, although it doesn't answer this question, either.
-
@bontchev @BleepingComputer maybe package registries should standardize that information. #golang #rustlang #npm #pythondev