Shai-Hulud copycat campaign targets Python developers through PyPI typosquatting
Source: about.gitlab.com
You are reading a summary. The full content is hosted on about.gitlab.com.
GitLab found a coordinated PyPI supply chain attack that deploys a copy of the Shai-Hulud malware through four typosquat packages and a weaponized legitimate project, mflux-streamlit. The payload runs at install time, steals CI/CD and cloud credentials, and self-propagates to other repos and registries. PyPI removed the malicious releases.