Socket
@SocketSecurity
Socket is the #1# software supply chain security platform. Next-gen SCA + SBOM + 0-day prevention. LOVED BY DEVELOPERS. 👀 @npm_malware
加入 November 2021
4.6K 正在關注 16K 粉絲
🚨 The popular PyPI package lightning has been compromised in a supply chain attack.
Socket detected malicious code in versions 2.6.2 and 2.6.3 that executes automatically on import, downloads Bun, and runs an 11 MB obfuscated JavaScript payload designed to steal credentials.
This appears to be connected to yesterday's mini Shai-Hulud attack, but we're still investigating. #Python#
顯示更多
