top of page
This site was designed with the
.com
website builder. Create your website today.
Start Now
Home
Posts
About
More
Use tab to navigate through the menu items.
Explain IT Again
Search
ALL POSTS
All Posts
News
PyPI Supply Chain Attack Exploits Malware Startup Hooks at Scale
Key Findings Coordinated PyPI supply chain attack compromised multiple popular open-source packages through maintainer account takeover Malware uses Python startup hooks (.pth files) to execute automatically during installation without requiring explicit package imports 448 affected artifacts identified spanning both npm and PyPI registries Threat actors dubbed the Hades cluster, part of broader Shai-Hulud and Miasma malware lineage Socket malware detection systems identified
Jun 7
3 min read
bottom of page