Telegram Group & Telegram Channel
Telegram Group Β» China Β» Python Community Β» Telegram Webview Β» Post 2637
Python Community
🚨 Атака Π½Π° PyPI, npm ΠΈ RubyGems: сотни врСдоносных ΠΏΠ°ΠΊΠ΅Ρ‚ΠΎΠ² Π² ΠΎΡ„ΠΈΡ†ΠΈΠ°Π»ΡŒΠ½Ρ‹Ρ… рССстрах

πŸ” Π˜ΡΡΠ»Π΅Π΄ΠΎΠ²Π°Ρ‚Π΅Π»ΠΈ ΠΎΠ±Π½Π°Ρ€ΡƒΠΆΠΈΠ»ΠΈ ΠΌΠ°ΡΡΠΎΠ²ΡƒΡŽ кампанию ΠΏΠΎ Ρ€Π°Π·ΠΌΠ΅Ρ‰Π΅Π½ΠΈΡŽ врСдоносных Π±ΠΈΠ±Π»ΠΈΠΎΡ‚Π΅ΠΊ Π² популярных экосистСмах:

πŸ§ͺ Π§Ρ‚ΠΎ ΠΏΡ€ΠΎΠΈΠ·ΠΎΡˆΠ»ΠΎ:
β€’ На npm ΠΎΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½Ρ‹ Ρ„Π΅ΠΉΠΊΠΎΠ²Ρ‹Π΅ вСрсии Π±ΠΈΠ±Π»ΠΈΠΎΡ‚Π΅ΠΊ Π²Ρ€ΠΎΠ΄Π΅ Hardhat, ΠΊΡ€Π°Π΄ΡƒΡ‰ΠΈΠ΅ ΠΏΡ€ΠΈΠ²Π°Ρ‚Π½Ρ‹Π΅ ΠΊΠ»ΡŽΡ‡ΠΈ ΠΈ .env
β€’ Π’ PyPI появились ΠΊΠ»ΠΎΠ½Ρ‹ requests, urllib3 ΠΈ Π΄Ρ€., с врСдоносными вставками
β€’ Π’ RubyGems β€” Π±ΠΎΠ»Π΅Π΅ 700 ΠΏΠ°ΠΊΠ΅Ρ‚ΠΎΠ², ΠΈΡΠΏΠΎΠ»ΡŒΠ·ΡƒΡŽΡ‰ΠΈΡ… тайпосквоттинг (`activesupportt`, httpartyy ΠΈ Ρ‚.Π΄.)

🎯 ЦСль β€” Ρ€Π°Π·Ρ€Π°Π±ΠΎΡ‚Ρ‡ΠΈΠΊΠΈ. ΠŸΠ°ΠΊΠ΅Ρ‚Ρ‹ ΡΠΎΠ±ΠΈΡ€Π°ΡŽΡ‚:
– ΠΌΠ½Π΅ΠΌΠΎΠ½ΠΈΠΊΠΈ
– ΠΏΡ€ΠΈΠ²Π°Ρ‚Π½Ρ‹Π΅ ΠΊΠ»ΡŽΡ‡ΠΈ
– ΠΊΠΎΠ½Ρ„ΠΈΠ³ΠΈ AWS/GCP
– ΡΠΈΡΡ‚Π΅ΠΌΠ½ΡƒΡŽ ΠΈΠ½Ρ„ΠΎΡ€ΠΌΠ°Ρ†ΠΈΡŽ

πŸ›‘ Π§Ρ‚ΠΎ Π΄Π΅Π»Π°Ρ‚ΡŒ:
– ΠŸΡ€ΠΎΠ²Π΅Ρ€ΡΠΉ названия ΠΏΠ°ΠΊΠ΅Ρ‚ΠΎΠ² (тайпосквоттинг β€” Π³Π»Π°Π²Π½Ρ‹ΠΉ ΠΏΡ€ΠΈΡ‘ΠΌ)
– Запускай pip audit, npm audit, bundler audit
– Π˜ΡΠΏΠΎΠ»ΡŒΠ·ΡƒΠΉ Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΡŒΠ½Ρ‹Π΅ окруТСния ΠΈ ΠΌΠΈΠ½ΠΈΠΌΡƒΠΌ ΠΏΡ€Π°Π²
– Подпиши зависимости, Π³Π΄Π΅ это Π²ΠΎΠ·ΠΌΠΎΠΆΠ½ΠΎ (Π½Π°ΠΏΡ€ΠΈΠΌΠ΅Ρ€, Ρ‡Π΅Ρ€Π΅Π· Sigstore)

πŸ“Œ ΠŸΠΎΠ΄Ρ€ΠΎΠ±Π½Π΅Π΅ (https://thehackernews.com/2025/06/malicious-pypi-npm-and-ruby-packages.htm)

@Python_Community_ru
www.tg-me.com/cn/Python Community/com.Python_Community_ru/2637
935 views



tg-me.com/Python_Community_ru/2637
Create:
Last Update:

🚨 Атака Π½Π° PyPI, npm ΠΈ RubyGems: сотни врСдоносных ΠΏΠ°ΠΊΠ΅Ρ‚ΠΎΠ² Π² ΠΎΡ„ΠΈΡ†ΠΈΠ°Π»ΡŒΠ½Ρ‹Ρ… рССстрах

πŸ” Π˜ΡΡΠ»Π΅Π΄ΠΎΠ²Π°Ρ‚Π΅Π»ΠΈ ΠΎΠ±Π½Π°Ρ€ΡƒΠΆΠΈΠ»ΠΈ ΠΌΠ°ΡΡΠΎΠ²ΡƒΡŽ кампанию ΠΏΠΎ Ρ€Π°Π·ΠΌΠ΅Ρ‰Π΅Π½ΠΈΡŽ врСдоносных Π±ΠΈΠ±Π»ΠΈΠΎΡ‚Π΅ΠΊ Π² популярных экосистСмах:

πŸ§ͺ Π§Ρ‚ΠΎ ΠΏΡ€ΠΎΠΈΠ·ΠΎΡˆΠ»ΠΎ:
β€’ На npm ΠΎΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½Ρ‹ Ρ„Π΅ΠΉΠΊΠΎΠ²Ρ‹Π΅ вСрсии Π±ΠΈΠ±Π»ΠΈΠΎΡ‚Π΅ΠΊ Π²Ρ€ΠΎΠ΄Π΅ Hardhat, ΠΊΡ€Π°Π΄ΡƒΡ‰ΠΈΠ΅ ΠΏΡ€ΠΈΠ²Π°Ρ‚Π½Ρ‹Π΅ ΠΊΠ»ΡŽΡ‡ΠΈ ΠΈ .env
β€’ Π’ PyPI появились ΠΊΠ»ΠΎΠ½Ρ‹ requests, urllib3 ΠΈ Π΄Ρ€., с врСдоносными вставками
β€’ Π’ RubyGems β€” Π±ΠΎΠ»Π΅Π΅ 700 ΠΏΠ°ΠΊΠ΅Ρ‚ΠΎΠ², ΠΈΡΠΏΠΎΠ»ΡŒΠ·ΡƒΡŽΡ‰ΠΈΡ… тайпосквоттинг (`activesupportt`, httpartyy ΠΈ Ρ‚.Π΄.)

🎯 ЦСль β€” Ρ€Π°Π·Ρ€Π°Π±ΠΎΡ‚Ρ‡ΠΈΠΊΠΈ. ΠŸΠ°ΠΊΠ΅Ρ‚Ρ‹ ΡΠΎΠ±ΠΈΡ€Π°ΡŽΡ‚:
– ΠΌΠ½Π΅ΠΌΠΎΠ½ΠΈΠΊΠΈ
– ΠΏΡ€ΠΈΠ²Π°Ρ‚Π½Ρ‹Π΅ ΠΊΠ»ΡŽΡ‡ΠΈ
– ΠΊΠΎΠ½Ρ„ΠΈΠ³ΠΈ AWS/GCP
– ΡΠΈΡΡ‚Π΅ΠΌΠ½ΡƒΡŽ ΠΈΠ½Ρ„ΠΎΡ€ΠΌΠ°Ρ†ΠΈΡŽ

πŸ›‘ Π§Ρ‚ΠΎ Π΄Π΅Π»Π°Ρ‚ΡŒ:
– ΠŸΡ€ΠΎΠ²Π΅Ρ€ΡΠΉ названия ΠΏΠ°ΠΊΠ΅Ρ‚ΠΎΠ² (тайпосквоттинг β€” Π³Π»Π°Π²Π½Ρ‹ΠΉ ΠΏΡ€ΠΈΡ‘ΠΌ)
– Запускай pip audit, npm audit, bundler audit
– Π˜ΡΠΏΠΎΠ»ΡŒΠ·ΡƒΠΉ Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΡŒΠ½Ρ‹Π΅ окруТСния ΠΈ ΠΌΠΈΠ½ΠΈΠΌΡƒΠΌ ΠΏΡ€Π°Π²
– Подпиши зависимости, Π³Π΄Π΅ это Π²ΠΎΠ·ΠΌΠΎΠΆΠ½ΠΎ (Π½Π°ΠΏΡ€ΠΈΠΌΠ΅Ρ€, Ρ‡Π΅Ρ€Π΅Π· Sigstore)

πŸ“Œ ΠŸΠΎΠ΄Ρ€ΠΎΠ±Π½Π΅Π΅ (https://thehackernews.com/2025/06/malicious-pypi-npm-and-ruby-packages.htm)

@Python_Community_ru

BY Python Community




Share with your friend now:
tg-me.com/Python_Community_ru/2637

View MORE
Open in Telegram


Python Community Telegram | DID YOU KNOW?

Date: |

A project of our size needs at least a few hundred million dollars per year to keep going,” Mr. Durov wrote in his public channel on Telegram late last year. β€œWhile doing that, we will remain independent and stay true to our values, redefining how a tech company should operate.

China’s stock markets are some of the largest in the world, with total market capitalization reaching RMB 79 trillion (US$12.2 trillion) in 2020. China’s stock markets are seen as a crucial tool for driving economic growth, in particular for financing the country’s rapidly growing high-tech sectors.Although traditionally closed off to overseas investors, China’s financial markets have gradually been loosening restrictions over the past couple of decades. At the same time, reforms have sought to make it easier for Chinese companies to list on onshore stock exchanges, and new programs have been launched in attempts to lure some of China’s most coveted overseas-listed companies back to the country.

Python Community from cn


🚨 Атака Π½Π° PyPI

 Python Community TG
Webview: 2637
Python Community.Telegram Webview
Python Community Telegram TG Channel
Telegram Updated:
Telegram Python Community
FROM USA