Bleeping Computer

Backdoored Python Library Caught Stealing SSH Credentials

Barely a week has passed from the last attempt to hide a backdoor in a code library, and we have a new case today. This time around, the backdoor was found in a Python module, and not an npm ...
note

ネットワーク文脈でSSH認証を自動切替する — smart-ssh + OIDC証明書 ...

自宅ではSSH公開鍵認証でサクッと接続、外出先ではYubiKeyタッチ必須のセキュリティキー認証、会社の管理端末ではOIDCデバイスフローで短命証明書を取得——これをコマンドひとつで自動的に切り替えられたら便利だと思いませんか? この記事では ...
ZDNet

Two malicious Python libraries caught stealing SSH and GPG keys

The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were caught stealing SSH and GPG keys from the projects of infected developers. The two libraries ...