Popular PyPI Package 'ctx' and PHP Library 'phpass' Hijacked to Steal AWS Keys


In yet another instance of a software supply chain attack targeting the open source ecosystem, two trojanized Python and PHP packages have been discovered.

“ctx,” a Python module available in the PyPI repository, is one of the packages in question. The other is “phpass,” a PHP package that has been forked on GitHub and used to spread a malicious update.