
Build script exposes PyPI to domain takeover attacks
Proving the road to takeover is paved with setuptools alternatives, the script for a popular Python package for building and installing PyPI packages leaves them vulnerable.
A threat researcher at RL, Vladimir Pezo specializes in discovering and investigating software supply chain attacks. He holds a Master's degree in Computer Science, and has a keen interest in the broader field of cybersecurity, especially post-quantum cryptography.

