MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
package
Recherche

Malicious PyPI package targets Chimera users to steal AWS tokens, CI/CD secrets

mardi 17 juin 2025, 14:38 , par InfoWorld
A malicious Python package posing as a harmless add-on for the Chimera sandbox environment, an integrated machine learning experimentation and development tool, is helping threat actors steal sensitive corporate credentials.

According to new research findings from software supply chain and DevOps company JFrog, the package “chimera-sandbox-extensions”, recently uploaded to the popular PyPI repository, contains a stealthy, multi-stage info-stealer.
Lire la suite sur InfoWorld
https://www.csoonline.com/article/4008240/malicious-pypi-package-targets-chimera-users-to-steal-aws-...

Voir aussi

package Minnesota Shooting Suspect Allegedly Used Data Broker Sites to Find Targets’ Addresses Wired: Tech.17 Jun
steal 'Ghost' Students are Enrolling in US Colleges Just to Steal Financial Aid Slashdot15 Jun
chimera This Chatbot Tool Pays Users $50 a Month for Their Feedback on AI Models Wired: Tech.13 Jun
malicious Ces secrets dissimulé dans la présentation de The Outer Worlds 2 fait parler la communauté : c'est un hommage à ces jeux vidéo SF ! JeuxVideo13 Jun
pypi [$] FAIR package management for WordPress LWN.net12 Jun
secrets First-ever zero-click attack targets Microsoft 365 Copilot ComputerWorld12 Jun
aws Asia dismantles 20,000 malicious domains in infostealer crackdown TheRegister11 Jun
tokens Databricks targets AI bottlenecks with Lakeflow Designer InfoWorld11 Jun
users Astronomers Are Using Artificial Intelligence to Unlock the Secrets of Black Holes Wired: Tech.11 Jun
targets 40,000 IoT Cameras Worldwide Stream Secrets To Anyone With a Browser Slashdot11 Jun
package Apple releases Containerization, a Swift package for running Linux containers on macOS OS News10 Jun
steal 4chan, file-sharing services among first targets of UK's "Online Safety" law BoingBoing10 Jun
chimera ChatGPT users wake to find it's even more wrong, slower than usual TheRegister10 Jun
malicious Cloud brute-force attack cracks Google users' phone numbers in minutes TheRegister10 Jun
pypi Peep show: 40K IoT cameras worldwide stream secrets to anyone with a browser TheRegister10 Jun
secrets Du kung-fu au foot : Le prochain jeu de ce studio français a tout pour cartonner et voici ses secrets JeuxVideo 9 Jun
aws La console portable Xbox dévoile tous ses secrets dans cette vidéo de 10 minutes : allez-vous craquer ? JeuxVideo 9 Jun
tokens New AI tool targets critical hole in thousands of open source apps InfoWorld 9 Jun
users Chrome extension privacy promises undone by hardcoded secrets, leaky HTTP ComputerWorld 9 Jun
targets Mozilla Criticizes Meta's 'Invasive' Feed of Users' AI Prompts, Demands Its Shutdown Slashdot 8 Jun
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Date Actuelle
mar. 17 juin - 18:53 CEST