The Python module “ctx” and a fork of the PHP library “phpass” have recently been modified by an unknown attacker to grab AWS credentials/keys and send them to a Heroku app. But what at first seemed like the work of a malicious actor turned out to be an exploit by a security researcher, who wanted to demonstrate how easy it is to take control of popular packages and the repositories hosting them. In this Help … More
The post Hijacking of popular ctx and phpass packages reveals open source security gaps appeared first on Help Net Security.
