29 malicious PyPI packages spotted delivering the W4SP Stealer

Cybersecurity researchers discovered 29 malicious PyPI packages delivering the W4SP stealer to developers’ systems. Cybersecurity researchers have discovered 29 packages in the official Python Package Index (PyPI) repository designed to infect developers’ systems with an info-stealing malware dubbed W4SP Stealer. “It appears that these packages are a more sophisticated attempt to deliver the W4SP Stealer on […]

Continue Reading

Le module tarfile est vulnérable | Blog officiel de Kaspersky

En septembre 2022, Trellix a publié un rapport sur une vulnérabilité du module tarfile, qui fait partie de la bibliothèque standard du langage de programmation Python et que n’importe qui peut utiliser. La vulnérabilité permet l’écriture d’un fichier arbitraire dans un dossier arbitraire sur le disque dur et, dans certains cas, l’exécution d’un code malveillant. […]

Continue Reading

Python tarfile vulnerability affects 350,000 open-source projects (CVE-2007-4559)

Trellix Advanced Research Center published its research into CVE-2007-4559, a vulnerability estimated to be present in over 350,000 open-source projects and prevalent in closed-source projects. Successful exploit The vulnerability exists in the Python tarfile module which is a default module in any project using Python and is found extensively in frameworks created by Netflix, AWS, […]

Continue Reading