Open source packages with millions of installs hacked to harvest AWS credentials
ITPro reports:
Software developers and cyber security experts have discovered a new software supply chain hack that is attempting to harvest Amazon Web Services (AWS) cloud credentials.
The compromise of two popular open-source packages – Python’s eight-year-old CTX and PHP’s phpass – has led to developers scrambling to understand their exposure to the threat.
A combined 3 million users are believed to be affected by the compromise of the open-source packages and there is already a report of the attack affecting one business.
Read more at ITPro.