Open source packages with millions of installs hacked to harvest AWS credentials

ITPro reports:

Software developers and cyber security experts have discovered a new software supply chain hack that is attempting to harvest Amazon Web Services (AWS) cloud credentials.

The compromise of two popular open-source packages – Python’s eight-year-old CTX and PHP’s phpass – has led to developers scrambling to understand their exposure to the threat.

A combined 3 million users are believed to be affected by the compromise of the open-source packages and there is already a report of the attack affecting one business.

Read more at ITPro.

About the author: Dissent
