A pernicious potpourri of Python packages in PyPI The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository ...

On Friday, the Python Package Index (PyPI), repository of open source Python projects announced plans to rollout two factor authentication for maintainers of "critical" projects. Although many ...

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website.

The PyPI package flood is just the latest in a string of attacks on public repositories with the intent to plant malicious code.

Written in Rust, the PyApp utility wraps up Python programs into self-contained click-to-run executables. It might be the ...

Image: Getty Images/iStockphoto PyPI or the Python Package Index is giving away 4,000 Google Titan security keys as part of its move to mandatory two-factor authentication (2FA) for critical ...

In a new twist on software supply chain attacks, researchers have discovered a Python package hiding malware inside of compiled code, allowing it to evade ordinary detection measures. On April 17 ...

A new malicious package has been found on the Python Package Index (PyPI) repository that could hide code in images with a steganographic technique and infect users through open-source projects on ...

The package was observed surreptitiously downloading multiple files, including a PyInstaller-packed executable (.exe), which, when unpacked, revealed several Python and DLL files. Among these, three ...

The package targets users of the cloud-based, chimera-sandbox environment, in an attempt to cast a wider net and steal high-value corporate-level credentials.