Security researchers at JFrog have discovered a simple technique for distributing malicious payloads via the PyPI package repository. The method involves re-registering malicious packages on PyPI using the names of legitimate packages that have been removed, allowing adversaries to pass off rogue packages as legitimate. This approach, called ‘Revival Hijack’, doesn’t rely on victims making mistakes and is an easy supply chain attack. JFrog’s investigations found 22,000 potentially vulnerable packages on PyPI. They recommend prohibition of the reuse of abandoned package names.
Edelson Lechtzin LLP Is Investigating Claims On Behalf Of Oracle Health Customers Whose Data May Have Been Compromised
National class action law firm Edelson Lechtzin LLP is investigating data privacy violations at Oracle Health. In February 2025, Oracle Health discovered a security breach
