PyPI says it invalidated all PyPI tokens stolen from GitHub repos by a malicious action on September 5 in a supply attack known as GhostAction.

Navigazione
- Categorie
- Recenti
- Mondo
- Ultime miste
- Tag
- Popolare
- Utenti
- Gruppi
- Preferiti
Account
- Registrati
- Accedi

Navigazione
- Categorie
- Recenti
- Mondo
- Ultime miste
- Tag
- Popolare
- Utenti
- Gruppi
- Preferiti
Account
- Registrati
- Accedi

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

PyPI says it invalidated all PyPI tokens stolen from GitHub repos by a malicious action on September 5 in a supply attack known as GhostAction.

Pianificato Fissato Bloccato Spostato
Senza categoria

1 1 0

C
131

0

C

campuscodi@mastodon.social

PyPI says it invalidated all PyPI tokens stolen from GitHub repos by a malicious action on September 5 in a supply attack known as GhostAction.
The PyPI team says none of the tokens were abused to upload malware to their registry.

Token Exfiltration Campaign via GitHub Actions Workflows - The Python Package Index Blog

Incident report of a recent attack campaign targeting GitHub Actions workflows to exfiltrate PyPI tokens, our response, and steps to protect your projects.

(blog.pypi.org)
0
C cybersecurity@poliverso.org ha condiviso questa discussione