Cybersecurity investigators have alerted about a harmful initiative aimed at individuals utilizing the Python Package Index (PyPI) repository, featuring fraudulent libraries disguised as “time” related tools, yet concealing ulterior capabilities to extract sensitive information like cloud access tokens.
Software supply chain security company ReversingLabs revealed that it identified two groups of packages comprising a total of 20. The packages