Beebom

How to Install Windows Package Manager on Windows 10 and 11

The Windows Package Manager aka the Winget tool comes pre-installed on Windows 11. For Windows 10, you need to install the App Installer package from the Microsoft Store. We have added some Winget ...
bitnewsbot

Malicious PyPI Packages Uncovered: Supply Chain Risk for Python

Cybersecurity researchers have found harmful software in the official Python Package Index (PyPI) and npm package repositories, putting software supply chains at risk. The packages, called termncolor ...
FedScoop

GSA inks governmentwide deal with AWS, touting $1B in potential savings

Attendees walk through an expo hall at AWS re:Invent 2023, a conference hosted by Amazon Web Services, at The Venetian Las Vegas on November 28, 2023 in Las Vegas, Nevada. (Photo by Noah Berger/Getty ...
FedScoop

Federal agencies can buy ChatGPT for $1; New deal with AWS brings $1B in potential credits for agencies

The General Services Administration has been on a roll lately, negotiating what it calls OneGov agreements with some of the federal government’s biggest IT vendors. On Thursday, GSA announced it has ...
CSOonline

Malicious PyPI package targets Chimera users to steal AWS tokens, CI/CD secrets

“Chimera-sandbox-extensions” exploit highlights rising risks of open-source package abuse, prompting calls for stricter dependency controls and DGA malware detection. A malicious Python package posing ...
The Hacker News

PyPI, npm, and AI Tools Exploited in Malware Surge Targeting DevOps and Cloud Environments

Cybersecurity researchers from SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question ...
Bleeping Computer

Malicious PyPI packages abuse Gmail, websockets to hijack systems

Seven malicious PyPi packages were found using Gmail's SMTP servers and WebSockets for data exfiltration and remote command execution. The packages were discovered by Socket's threat research team, ...
The Hacker News

GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages

Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate their privileges in the Cloud Composer workflow ...
Bleeping Computer

Malicious PyPI package with 37,000 downloads steals AWS keys

A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers. According to ...
GitHub

Unintended install of public pypi.org packages when trying to install private packages from gitlabs pypi registry

When installing packages from a private registry in gitlab (specifically gitlab) that have name-conflicts with pypi.org (another package with the same name exists on pypi.org) uv tries to install the ...
Computer Weekly

PyPI loophole puts thousands of packages at risk of compromise

Thousands of applications that have taken advantage of open source Python Package Index (PyPI) software packages may be at risk of hijacking and subversion by malicious actors, opening up the ...