lightning PyPI Compromise: A Bun-Based Credential Stealer in Python
2mo agoen
Source
Snyklightning PyPI Compromise: A Bun-Based Credential Stealer in Pythonsnyk.ioA malicious release of the lightning PyPI package ships a credential-stealing Bun payload that runs on import. Snyk has a live advisory. Here's what's in the package, what to rotate, and how the payload pattern connects to the Mini Shai-Hulud npm campaign one day earlier.
You might also wanna read
PyPI Package 'Lightning' Compromised in Supply Chain Attack Affecting AI/ML Developers
The PyPI package 'lightning', a widely-used deep learning framework, was compromised in a supply chain attack affecting versions 2.6.2 and 2
Critical Security Alert: Malicious Credential-Stealing File Found in litellm 1.82.8 PyPI Package
The article reports a critical security vulnerability in the litellm==1.82.8 Python package on PyPI, which contains a malicious .pth file th
PyPI Supply Chain Attacks Expand: New Malicious Packages Target Bioinformatics and MCP Developers
Socket Threat Research team identified a new wave of PyPI supply chain attacks (Mini Shai-Hulud, Miasma, and Hades) that has expanded beyond
PyPI Implements New Security Measures to Prevent ZIP Parser Confusion Attacks
The Python Package Index (PyPI) is implementing new restrictions to safeguard Python package installers from ZIP parser confusion attacks. T

Bun v1.0.1
bun.com·2y ago
Hacker uses Trojanized Python and PHP Packages to Steal AWS Keys
Packetlabs·4y ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.