"Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack"
A new supply chain attack technique named "Revival Hijack" by the software supply chain security company JFrog has been used in the wild to infiltrate downstream organizations. The method could be used to hijack 22,000 existing Python Package Index (PyPI) packages, potentially resulting in "hundreds of thousands" of malicious downloads. It involves hijacking PyPI software packages by manipulating the option to re-register them once the original owner has removed them from the repository. This article continues to discuss the new Revival Hijack supply chain attack technique.
THN reports "Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack"
Submitted by grigby1
Submitted by grigby1 CPVI
on