はてなブックマーク

Summary¶ The ctx hosted project on PyPI was taken over via user account compromise and replaced with a malicious project which contained runtime code which collected the content of os.environ.items() when instantiating Ctx objects. The captured environment variables were sent as a base64 encoded query parameter to a heroku application running at https://anti-theft-web.herokuapp.com. Between 2022-0