
Open source package with 1 million monthly downloads stole user credentials

ID: 32234ee6-ebfa-53bf-b330-5a40b11fe2b6

STIX ID: report--32234ee6-ebfa-53bf-b330-5a40b11fe2b6

Feed Name: Security - Ars Technica

Threat Score: 70/100

Date Published: 2026-04-27

Date Updated: 2026-05-22

Author: Dan Goodin


Urgent advisory: version 0.23.3 of the Python package 'elementary-data' is malicious. Users must uninstall it, install 0.23.4, delete caches, check for marker files (/tmp/.trinny-security-update on macOS/Linux and %TEMP%\.trinny-security-update on Windows), and rotate any exposed credentials, while security teams hunt for unauthorized usage.
