Over the weekend, Phylum’s automated risk detection alerted us to a series of publications surrounding packages on PyPI, all purporting to be some kind of cloud provider SDK or helper package. While these packages do, in fact, provide the purported functionality, they also surreptitiously ship the credentials off to
This is an automated archive.
The original was posted on /r/netsec by /u/louis11 on 2023-10-10 18:31:21+00:00.