Episode Details

Back to Episodes
Malicious Packages Steal Dev Secrets | Tech News

Malicious Packages Steal Dev Secrets | Tech News

Published 6 days, 11 hours ago
Description

Shady devs are dropping fake packages on npm and PyPI to steal API keys and secrets—especially from payment gateways like PaySafe and Skrill. These malicious tools sneak into your build pipelines, run silently, and send stolen credentials to hidden servers. Attackers disguise them as legit SDKs, use layered encryption to hide their C2 servers, and even skip scanning if they detect a test environment. Security teams should watch for these specific infrastructures—because once they’re in, they’re running with your keys.

Listen in comfort:
Get a discount on a Soli Pillow: http://solipillow.com/discount/dnn.

Advertise on DNN:
advertise@thednn.ai

This is an automated, high-level news summary based on public reporting.
Report issues to feedback@thednn.ai.

View sources & latest updates:
https://sources.thednn.ai/b007e892cdfd0d54

Listen Now

Love PodBriefly?

If you like Podbriefly.com, please consider donating to support the ongoing development.

Support Us