Dormant PyPI Package Compromised to Spread Nova Sentinel Malware

A dormant package available on the Python Package Index (PyPI) repository was updated nearly after two years to propagate an information stealer malware called Nova Sentinel. The package, named django-log-tracker, was first published to PyPI in April 2022, according to software supply chain security firm Phylum, which detected an anomalous update to the library on February 21,

Posted from: Click here for the full article.

留言

此網誌的熱門文章

Cisco Releases Urgent Patch to Fix Critical Flaw in Emergency Responder Systems

OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation

CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation