Supply Chain Attack Using Identical Pypi Packages Colorslib Httpslib And Libhttps R

Supply Chain Attack Using Identical PyPI Packages, “colorslib”, “httpslib”, And “libhttps” : R ...

Researchers have discovered a zero-day supply chain attack, embedded in three PyPI packages, by monitoring an open source ecosystem.

Exclusive Networks NA On LinkedIn: Supply Chain Attack Using Identical PyPI Packages, “colorslib”…

These packages were uploaded between the 7th and 12th of January 2023 with the names “colorslib,” “httpslib,” and “libhttps.” The malicious packages were uploaded by a threat actor using the alias “lolip0p,” who dropped info-stealing malware on targeted devices. In this blog, we showed a single author posting separate Python packages that use the same code to launch an attack. The author also positions each package as legitimate and clean by including a convincing project description. A sophisticated malicious package campaign has emerged targeting Python and npm users across Windows and Linux platforms through an unusual cross-ecosystem attack strategy. This blog discusses the discovery of malicious PyPI and npm packages that exploit software dependencies, enabling supply chain attacks for remote code execution and data exfiltration.

Michael Ibe On LinkedIn: Supply Chain Attack Using Identical PyPI Packages, “colorslib”…

A sophisticated supply chain attack targeting the Python Package Index (PyPI) has exposed systemic vulnerabilities in open source ecosystems, leveraging the popularity of the colorama library, a tool with over 215 million monthly downloads, to deploy cross-platform malware. This latest ransomware attack adds to the growing list of healthcare organizations targeted by malicious actors. The FortiGuard Labs team has discovered a new 0-day attack embedded in three PyPI (Python Package Index) packages called 'colorslib', 'httpslib', and 'libhttps'. They were found on January 10, 2023, by monitoring an open source ecosystem.

Supply Chain Attack Using Identical PyPI Packages Spotted

Supply chain attack on PyPi packages

