Malicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data Engineers
2mo agoen
Source
SnykMalicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data Engineerssnyk.ioAttackers exploited a GitHub Actions script injection vulnerability to publish a malicious version of the elementary-data Python CLI (v0.23.3), embedding a credential-stealing backdoor that targeted dbt profiles, cloud provider keys, and SSH secrets from data engineering environments.
You might also wanna read
PyPI Package 'Lightning' Compromised in Supply Chain Attack Affecting AI/ML Developers
The PyPI package 'lightning', a widely-used deep learning framework, was compromised in a supply chain attack affecting versions 2.6.2 and 2
Critical Security Alert: Malicious Credential-Stealing File Found in litellm 1.82.8 PyPI Package
The article reports a critical security vulnerability in the litellm==1.82.8 Python package on PyPI, which contains a malicious .pth file th
The case for GitHub Actions security after recent supply chain attacks
Datadog·1mo ago
PyPI Supply Chain Attacks Expand: New Malicious Packages Target Bioinformatics and MCP Developers
Socket Threat Research team identified a new wave of PyPI supply chain attacks (Mini Shai-Hulud, Miasma, and Hades) that has expanded beyond
Critical RCE vulnerability CVE-2026-3854 discovered in GitHub's internal git infrastructure
Wiz Research discovered a critical vulnerability (CVE-2026-3854) in GitHub's internal git infrastructure affecting both GitHub.com and GitHu
Security Analysis: CodeRabbit Vulnerability Led to RCE and Access to 1 Million Repositories
A detailed security disclosure explaining how researchers achieved remote code execution on CodeRabbit's production servers, leaked API toke

Comments
Sign in to join the conversation.
No comments yet. Be the first.