AWS keys are being stolen from Python libraries

Users should be cautious when a GitHub repository that hasn’t been modified in almost a decade suddenly receives an “update,” since it could be a hostile takeover with the goal of spreading

That’s what happened to the “ctx” PyPI module, which has reportedly received millions of downloads. Someone replaced the secure “ctx” code with an updated version

Versions of “phpass” that were released to the PHP/Composer package repository Packagist were also “updated” in the same way, in addition to “ctx.”

CTX is a Python module that had not been updated since 2014. The module was then updated eight years later, on May 15, with malicious code