TeamPCP Exploits Open-Source Trust Model in Mass Software Compromise

In a shocking display of cunning, TeamPCP has compromised over 1,000 software packages in under four months, injecting malicious code and redefining the notion of trust in open-source supply chains. This brazen attack has left a trail of destruction, with roughly 500 million weekly downloads affected across major…

https://osintsights.com/teampcp-exploits-open-source-trust-model-in-mass-software-compromise?utm_source=mastodon&utm_medium=social

#OpensourceCompromise #SupplyChain #EmergingThreats #Teampcp #SoftwarePackageCompromise

OSINTSights

PyPI Package elementary-data Compromised to Steal Developer Data

A malicious release of the popular elementary-data package on PyPI, which has over 1.1 million monthly downloads, allowed an attacker to steal developer data through a sneaky backdoor. This widely used open-source tool for data observability in dbt pipelines became a prime target for the secrets-stealing campaign.

https://osintsights.com/pypi-package-elementary-data-compromised-to-steal-developer-data?utm_source=mastodon&utm_medium=social

#OpensourceCompromise #SupplyChain #PackageManager #Pypi #DataObservability
