The Python Package Index (PyPI), a key repository for open-source developers, suspended new project creation and user registration following a surge of package uploads containing malicious code. The suspension lasted 10 hours. Security firm Checkmarx reported that the attack likely involved automated uploads of harmful packages using a method called typosquatting, which relies on user typos when entering package names. This isn’t the first instance of such a threat facing the software development ecosystem, with a similar attack targeting GitHub last month.