Bleeping Computer

Popular Python and PHP libraries hijacked to steal AWS keys

PyPI module 'ctx' that gets downloaded over 20,000 times a week has been compromised in a software supply chain attack with malicious versions stealing the developer's environment variables. The ...
heise online

Whatsapp vulnerability allows script execution

A security vulnerability in the current version of WhatsApp for Windows allows Python and PHP attachments to be sent. When the recipient opens these, the scripts start automatically without any ...
Bleeping Computer

WhatsApp for Windows lets Python, PHP scripts execute with no warning

A security issue in the latest version of WhatsApp for Windows allows sending Python and PHP attachments that are executed without any warning when the recipient opens them. For the attack to be ...
Computing

PyPI package 'ctx' and PHP library 'phpass' hijacked to obtain AWS keys

Security researchers this week identified two corrupt Python and PHP packages in what appears to be yet another instance of a software supply chain attack targeting the open-source ecosystem. Python ...