![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLFThBVEc7CSkilijAy01RzPcy-KuZVYP2Uu4dm5_MwYrxGsBelJIvWvuUFOCPRkO8m03vzQONeH69uCB2PVekPn9-ADPNae8kgsHU7JEvnaE1IJ6GHJD0RwaWByeSENRv5R07-Goc-UZHmFLv6475qDYy0FCtW7dzxkXtIoPQ9HR_ZywWEs2tTSAmc5OA/s1600/sython.jpg)
A dormant package available on the Python Package Index (PyPI) repository was updated nearly after two years to propagate an information stealer malware called Nova Sentinel.
The package, named django-log-tracker, was first published to PyPI in April 2022, according to software supply chain security firm Phylum, which detected an anomalous update to the library on February 21,
Source:: The Hackers News