Episode Details
Back to Episodes
Malicious Packages Steal Dev Secrets | Tech News
Description
Shady devs are dropping fake packages on npm and PyPI to steal API keys and secrets—especially from payment gateways like PaySafe and Skrill. These malicious tools sneak into your build pipelines, run silently, and send stolen credentials to hidden servers. Attackers disguise them as legit SDKs, use layered encryption to hide their C2 servers, and even skip scanning if they detect a test environment. Security teams should watch for these specific infrastructures—because once they’re in, they’re running with your keys.
Listen in comfort:
Get a discount on a Soli Pillow: http://solipillow.com/discount/dnn.
Advertise on DNN:
advertise@thednn.ai
This is an automated, high-level news summary based on public reporting.
Report issues to feedback@thednn.ai.
View sources & latest updates:
https://sources.thednn.ai/b007e892cdfd0d54