It’s not a secret if you publish it on PyPI
Python packages can contain sensitive information. Here's how software development teams can keep secrets secret
Karlo Zanki
Reverse Engineer at ReversingLabs
Posts from Karlo Zanki
It’s not a secret if you publish it on PyPI
Coinminer and npm: What you see is not always what you get
Package repository content can be different from source code repository content. Here's what your software team needs to know.
Groundhog day: NPM package caught stealing browser passwords
This blog discusses the process used to find another NPM package that steals saved Chrome browser passwords.
Third-party code comes with some baggage
Recognizing risks introduced by statically linked third-party libraries
Spotting malicious Excel4 macros
Relying on legacy functionalities comes with inherent security risks
Malware in images: When you can’t see 'the whole picture'
Taidoor - a truly persistent threat
When malware lasts longer than your washing machine
Hidden Cobra - from a shed skin to the viper’s nest
Enriching public threat intelligence