Bleeping Computer

Malicious ‘SentinelOne’ PyPI package steals data from developers

Threat actors have published a malicious Python package on PyPI, named 'SentinelOne,' that pretends to be the legitimate SDK client for the trusted American cybersecurity firm but, in reality, steals ...
Dark Reading

Stealthy, Thieving Python Packages Slither Onto Windows Systems

A threat actor has been delivering a "relentless campaign" since early April to seed the software supply chain with hundreds of malicious Python packages aimed at stealing sensitive data and ...