MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
package
Search

Malicious PyPI package targets Chimera users to steal AWS tokens, CI/CD secrets

Tuesday June 17, 2025. 02:38 PM , from InfoWorld
A malicious Python package posing as a harmless add-on for the Chimera sandbox environment, an integrated machine learning experimentation and development tool, is helping threat actors steal sensitive corporate credentials.

According to new research findings from software supply chain and DevOps company JFrog, the package “chimera-sandbox-extensions”, recently uploaded to the popular PyPI repository, contains a stealthy, multi-stage info-stealer.
Read more at InfoWorld
https://www.csoonline.com/article/4008240/malicious-pypi-package-targets-chimera-users-to-steal-aws-...

Related News

package Minnesota Shooting Suspect Allegedly Used Data Broker Sites to Find Targets’ Addresses Wired: Tech.Jun 17
steal 'Ghost' Students are Enrolling in US Colleges Just to Steal Financial Aid SlashdotJun 15
chimera This Chatbot Tool Pays Users $50 a Month for Their Feedback on AI Models Wired: Tech.Jun 13
malicious [$] FAIR package management for WordPress LWN.netJun 12
pypi First-ever zero-click attack targets Microsoft 365 Copilot ComputerWorldJun 12
secrets Asia dismantles 20,000 malicious domains in infostealer crackdown TheRegisterJun 11
aws Databricks targets AI bottlenecks with Lakeflow Designer InfoWorldJun 11
tokens Astronomers Are Using Artificial Intelligence to Unlock the Secrets of Black Holes Wired: Tech.Jun 11
users 40,000 IoT Cameras Worldwide Stream Secrets To Anyone With a Browser SlashdotJun 11
targets Apple releases Containerization, a Swift package for running Linux containers on macOS OS NewsJun 10
package 4chan, file-sharing services among first targets of UK's "Online Safety" law BoingBoingJun 10
steal ChatGPT users wake to find it's even more wrong, slower than usual TheRegisterJun 10
chimera Cloud brute-force attack cracks Google users' phone numbers in minutes TheRegisterJun 10
malicious Peep show: 40K IoT cameras worldwide stream secrets to anyone with a browser TheRegisterJun 10
pypi New AI tool targets critical hole in thousands of open source apps InfoWorldJun 9
secrets Chrome extension privacy promises undone by hardcoded secrets, leaky HTTP ComputerWorldJun 9
aws Mozilla Criticizes Meta's 'Invasive' Feed of Users' AI Prompts, Demands Its Shutdown SlashdotJun 8
tokens Linux Mint 22.2 gets smart fingerprint login and gives Windows 11 users yet another reason to switch BetaNewsJun 8
users Cybercriminals Are Hiding Malicious Web Traffic in Plain Sight SlashdotJun 7
targets Cybercriminals Are Hiding Malicious Web Traffic in Plain Sight Wired: Tech.Jun 6
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Current Date
Jun, Tue 17 - 22:49 CEST