First time I read about open-source "star" jacking on GitHub and the much more nefarious usage of open-source Python packages to install malware.
Interesting read: https://checkmarx.com/blog/starjacking-making-your-new-open-source-package-popular-in-a-snap/
#Python #CyberSecurity #OpenSource
StarJacking - Making Your New Open Source Package Popular in a Snap | Checkmarx.com
Checkmarx supply chain security has recently found a malicious PyPi package with more than 70,000 downloads using a technique we dubbed StarJacking - a way to make an open source package instantly look popular by abusing the lack of validation betwee…
Tzachi Zornstein (Checkmarx)
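The linked summary is cut off at "the lack of validation betwee…". The defensive check below is an added example, not code from the post or from Checkmarx, and it assumes the missing validation is between a package's declared repository URL and the repository that URL points to. It compares the name of a PyPI package with what its linked GitHub repository itself claims to publish; a package whose only link is to a popular repository that never mentions it is the pattern worth a second look. All package names, URLs, repository contents and function names here are constructed for the example.

```python
"""Heuristic check: does a package's linked repository actually publish it?

Added example (not from the original post). Assumption: the weakness is that a
package index does not verify the repository URL a package declares, so a new
package can point at any popular repository. Inputs are shaped like the 'info'
block of PyPI's JSON API plus the manifest files fetched from the linked repo;
everything below is constructed sample data.
"""
import re
from typing import Optional
from urllib.parse import urlparse


def normalize(name: str) -> str:
    """PEP 503 normalisation: case-insensitive, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def repo_slug(url: str) -> Optional[str]:
    """Return 'owner/repo' for a GitHub URL, or None for any other URL."""
    parsed = urlparse(url)
    if parsed.netloc.lower() not in ("github.com", "www.github.com"):
        return None
    parts = [p for p in parsed.path.split("/") if p]
    if len(parts) < 2:
        return None
    repo = parts[1][:-4] if parts[1].endswith(".git") else parts[1]
    return f"{parts[0]}/{repo}"


def declared_names(pyproject_text: str, setup_text: str) -> set:
    """Package names the repository declares in pyproject.toml / setup.py (normalised)."""
    names = set()
    m = re.search(r'^\s*name\s*=\s*["\']([^"\']+)["\']', pyproject_text, re.M)
    if m:
        names.add(normalize(m.group(1)))
    m = re.search(r'\bname\s*=\s*["\']([^"\']+)["\']', setup_text)
    if m:
        names.add(normalize(m.group(1)))
    return names


def assess(pypi_info: dict, repo_files: dict) -> dict:
    """Verdict for one package.

    pypi_info: the 'info' block of the package's PyPI JSON record.
    repo_files: path -> text for manifest files fetched from the linked repo
                ({} if nothing was fetched or the repo does not exist).
    Verdicts: 'no-repo-link', 'consistent', 'mismatch'.
    """
    pkg = normalize(pypi_info["name"])
    urls = list((pypi_info.get("project_urls") or {}).values())
    if pypi_info.get("home_page"):
        urls.append(pypi_info["home_page"])
    slugs = [s for s in (repo_slug(u) for u in urls) if s]
    if not slugs:
        return {"package": pkg, "repos": [], "declared": [], "verdict": "no-repo-link"}

    declared = declared_names(repo_files.get("pyproject.toml", ""),
                              repo_files.get("setup.py", ""))
    # The link is plausible if the repo name matches the package, or the repo's
    # own manifest says it publishes a package of that name.
    slug_match = any(normalize(s.split("/")[1]) == pkg for s in slugs)
    verdict = "consistent" if (slug_match or pkg in declared) else "mismatch"
    return {"package": pkg, "repos": slugs, "declared": sorted(declared), "verdict": verdict}


# Constructed sample 1: an honest package whose repository declares the same name.
HONEST_INFO = {
    "name": "demo-parser-kit",
    "project_urls": {"Source": "https://github.com/example-org/demo_parser_kit"},
}
HONEST_REPO = {"pyproject.toml": '[project]\nname = "demo-parser-kit"\nversion = "1.0"\n'}

# Constructed sample 2: a new package that borrows the link of an unrelated,
# popular repository; that repository publishes something else entirely.
JACKED_INFO = {
    "name": "quick-utilz",
    "project_urls": {"Homepage": "https://github.com/popular-org/popular-framework"},
}
JACKED_REPO = {"setup.py": 'from setuptools import setup\nsetup(name="popular-framework")\n'}

if __name__ == "__main__":
    for info, files in ((HONEST_INFO, HONEST_REPO), (JACKED_INFO, JACKED_REPO)):
        print(assess(info, files))
```

In practice `pypi_info` comes from `https://pypi.org/pypi/<name>/json` and `repo_files` from the linked repository; the point of the heuristic is that a mismatch alone is not proof of malice (monorepos and renamed projects trip it), but it is cheap to compute before trusting the stars and forks a package page appears to carry.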