🚨 Attack on PyPI, npm and RubyGems: hundreds of malicious packages in the official registries

🔍 Researchers have uncovered a large-scale campaign planting malicious libraries in popular ecosystems:

🧪 What happened:
• Fake versions of libraries such as Hardhat were published on npm; they steal private keys and .env files
• Clones of requests, urllib3 and others, with malicious insertions, appeared on PyPI
• On RubyGems: more than 700 packages relying on typosquatting (`activesupportt`, `httpartyy`, etc.)

🎯 The targets are developers. The packages collect:
– mnemonic seed phrases
– private keys
– AWS/GCP configs
– system information

🛡 What to do:
– Check package names (typosquatting is the main trick)
– Run pip audit, npm audit and bundler audit
– Use virtual environments and minimal privileges
– Sign dependencies where possible (for example, via Sigstore)
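
A small defensive check for the typosquatting point above, added here as an example (it is not code from the post or from the linked article): it normalizes PyPI-style names and flags dependencies that are one edit away from an approved package, as `activesupportt` and `httpartyy` are. The allowlist, the similarity threshold and the sample requirements file are constructed assumptions.

```python
import re
from difflib import SequenceMatcher

# Constructed allowlist: the names a project has actually approved (from a lockfile review).
APPROVED = {"requests", "urllib3", "hardhat", "activesupport", "httparty"}

def normalize(name: str) -> str:
    """PEP 503-style normalization: lowercase, collapse runs of -, _, . to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def classify(name: str, approved=APPROVED, threshold: float = 0.85):
    """('ok', name) for an exact allowlist hit, ('suspect', closest) when the
    name is a near-miss of an approved package, ('unknown', None) otherwise."""
    n = normalize(name)
    if n in approved:
        return ("ok", n)
    best = max(approved, key=lambda p: SequenceMatcher(None, n, p).ratio())
    if SequenceMatcher(None, n, best).ratio() >= threshold:
        return ("suspect", best)
    return ("unknown", None)

def parse_requirements(text: str):
    """Extract bare package names from requirements.txt-style lines."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # skip blanks and pip options such as --index-url
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m:
            names.append(m.group(0))
    return names

def audit_requirements(text: str):
    """Map every dependency in the file to its verdict."""
    return {n: classify(n) for n in parse_requirements(text)}

# Constructed sample input: real names next to one-letter-off look-alikes.
SAMPLE = """\
requests==2.32.3
urllib3>=2.0
requestss        # extra letter, same pattern as activesupportt / httpartyy
activesupportt
numpy
"""

if __name__ == "__main__":
    for name, (verdict, near) in audit_requirements(SAMPLE).items():
        print(f"{name:16} {verdict:8} {near or ''}")
```

An `unknown` verdict only means the name is not on the allowlist; it still needs a human look before it is approved.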

📌 More details (https://thehackernews.com/2025/06/malicious-pypi-npm-and-ruby-packages.htm)

@Python_Community_ru



tg-me.com/Python_Community_ru/2637
BY Python Community