This week in malware we discovered and analyzed 120 packages flagged as malicious, suspicious, or dependency confusion attacks.
As a follow-up to our coverage last week, new details emerged regarding a phishing campaign that sought to steal account credentials of PyPI maintainers and lace their packages with malware.
Article Link: This Week in Malware - A PyPI Phishing Follow-up Plus 120 Packages