https://www.theregister.com/2024/09/09/predator_spyware_trump_crypto/
Mon 9 Sep 2024 // 02:00 UTC

Pasting from the above:

PyPI hijack exposes 22K+ packages to takeover attacks

Security researchers monitoring open source packages have spotted nasty folk waiting for a package to be deleted and re-creating the repository with a malicious version.

Dubbed "revival hijack" by researchers at JFrog, the tactic involves abusing the Python Package Index's (PyPI) package registration system.

"This attack technique involves hijacking PyPI software packages by manipulating the option to re-register them once they're removed from PyPI's index by the original owner," the JFroggers wrote.

The DevOps and security firm estimates there are around 22,000 packages in PyPI vulnerable to a revive hijack attack, and the researchers noted they've already spotted the technique being used in the wild to infect the pingdomv3 package.

--
You received this message because you are subscribed to the Google Groups "sage-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sage-devel/CAGUWgD98JQp5i8CVqvzW8TZnuNWubaPN_kqMcvySwban7X0BDw%40mail.gmail.com.
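The practical defence against the re-registration tactic quoted above is to pin dependencies by version and sha256 hash, so a name that was deleted and re-created with different contents can no longer satisfy the pin. The following is an added example, not code from The Register article or from JFrog: it parses a requirements file in pip's `--hash=sha256:` format and checks each pin against index metadata shaped like the PyPI JSON API (`releases` -> version -> files with `digests`). The package names, digests and upload dates are constructed for illustration; `examplelib` is the constructed "revived" package whose served file no longer matches the hash that was pinned. `pip install --require-hashes` performs the same check at install time; this script shows the detection logic so it can be run offline against a saved copy of the metadata.

```python
"""Audit hash-pinned requirements against index metadata (added example).

Not from the article or from JFrog. The index metadata is a constructed
sample in the shape of the PyPI JSON API; names, hashes and dates are made up.
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass


def _fake_sha256(label: str) -> str:
    # Constructed stand-in for a real wheel digest (illustrative only).
    return hashlib.sha256(label.encode()).hexdigest()


GOOD_DIGEST = _fake_sha256("examplelib-1.4.2-original-wheel")
OTHER_DIGEST = _fake_sha256("otherpkg-0.9.0-wheel")

# Constructed requirements.txt in pip's --require-hashes format.
REQUIREMENTS_TXT = f"""\
examplelib==1.4.2 \\
    --hash=sha256:{GOOD_DIGEST}
otherpkg==0.9.0 \\
    --hash=sha256:{OTHER_DIGEST}
"""

# Constructed index metadata: 'examplelib' was deleted and re-registered, so
# the index now serves a 1.4.2 whose digest differs from the pinned one.
INDEX_METADATA = {
    "examplelib": {"releases": {"1.4.2": [
        {"filename": "examplelib-1.4.2-py3-none-any.whl",
         "upload_time": "2024-09-03T10:15:00",
         "digests": {"sha256": _fake_sha256("examplelib-1.4.2-REPUBLISHED")}},
    ]}},
    "otherpkg": {"releases": {"0.9.0": [
        {"filename": "otherpkg-0.9.0-py3-none-any.whl",
         "upload_time": "2023-01-10T08:00:00",
         "digests": {"sha256": OTHER_DIGEST}},
    ]}},
}


@dataclass(frozen=True)
class Finding:
    package: str
    version: str
    reason: str


_PIN_RE = re.compile(r"^([A-Za-z0-9_.\-]+)==([^\s\\]+)")
_HASH_RE = re.compile(r"--hash=sha256:([0-9a-f]{64})")


def parse_hashed_requirements(text: str) -> dict[str, tuple[str, set[str]]]:
    """Return {name: (version, {sha256, ...})} from a --require-hashes file."""
    logical = text.replace("\\\n", " ")  # join backslash continuations
    pins: dict[str, tuple[str, set[str]]] = {}
    for line in logical.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = _PIN_RE.match(line)
        if not m:
            raise ValueError(f"unpinned or unparseable requirement: {line!r}")
        name, version = m.group(1).lower(), m.group(2)
        hashes = set(_HASH_RE.findall(line))
        if not hashes:
            raise ValueError(f"{name}=={version} has no sha256 hash pin")
        pins[name] = (version, hashes)
    return pins


def audit(pins: dict[str, tuple[str, set[str]]], index: dict) -> list[Finding]:
    """Flag pins the index can no longer satisfy with the originally pinned bytes."""
    findings: list[Finding] = []
    for name, (version, hashes) in pins.items():
        meta = index.get(name)
        if meta is None:
            findings.append(Finding(name, version, "package not on index (deleted?)"))
            continue
        files = meta.get("releases", {}).get(version, [])
        if not files:
            findings.append(Finding(name, version, "pinned version missing from index"))
            continue
        served = {f["digests"]["sha256"] for f in files}
        if not served & hashes:
            findings.append(Finding(name, version,
                "no served file matches the pinned hash: contents changed under the same name and version"))
    return findings


def run_sample() -> list[Finding]:
    """Run the audit on the constructed requirements and metadata above."""
    return audit(parse_hashed_requirements(REQUIREMENTS_TXT), INDEX_METADATA)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.package}=={f.version}: {f.reason}")
```

The mismatch is only detectable because the original hash was recorded while the genuine package was still on the index; a lock file generated after the name was re-registered would pin the replacement, so the value of this check comes from keeping hash pins under version control and treating any change to them as a review event.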