source: https://thehackernews.com/2025/03/malicious-pypi-packages-stole-cloud.html
Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as “time” related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens.
This can happen to anyone! One tiny typo is all it takes to accidentally download a malicious surprise instead of the package we wanted.
last modified: 2025-12-26