News

The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking ...
PyPI has unverified 1,800 email addresses since June 2025 to block expired-domain attacks, strengthening open-source supply-chain security.
To make email hijacking harder, PyPI has been checking domain validity since June. If in doubt, the email address at the abandoned domain loses its verified status.
PyPI malware termncolor and colorinal, downloaded 884 times, use DLL side-loading, persistence, and C2 communication.
The scans used by the Python Package Index (PyPI) to find malware fail to catch 41% of bad packages, while creating plentiful false positives.
The package, "lr-utils-lib," was uploaded to the Python Package Index (PyPI) early in June, and conceals its malicious code in the setup file, Checkmarx explained in a blog post on July 26 ...
This time, the repository was PyPI, short for the Python Package Index, which is the official software repository for the Python programming language.
Although code executing on a machine is nothing unusual in itself, when that code runs is a significant detail from a security standpoint: code placed in setup.py executes during installation, before the package is ever imported.
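As an added example (not code from the page, from PyPI, or from Checkmarx), the following Python script statically audits a setup.py for the install-time execution hooks that packages hiding malicious code in their setup file rely on. It uses only the standard library ast module; the two setup.py inputs are constructed for illustration and are not the real lr-utils-lib files, and the lists of risky modules and command classes are the author's own heuristic choices.

```python
"""Static audit of a setup.py for install-time code execution.

Added example, not code from the original page or from PyPI/Checkmarx.
It parses setup.py with the stdlib ast module and reports constructs that
let code run during `pip install` of an sdist: setuptools command
subclasses wired in via cmdclass, dynamic execution calls, and use of
modules a benign setup.py rarely needs (subprocess, base64, ...).
"""
import ast

# Constructed sample inputs (not the real lr-utils-lib files).
SUSPICIOUS_SETUP_PY = '''
import base64
import subprocess
from setuptools import setup
from setuptools.command.install import install

class PostInstall(install):
    def run(self):
        install.run(self)
        exec(base64.b64decode("cHJpbnQoJ2hpJyk="))  # decodes to print('hi')
        subprocess.Popen(["echo", "pwned"])

setup(name="demo", version="0.1", cmdclass={"install": PostInstall})
'''

BENIGN_SETUP_PY = '''
from setuptools import setup
setup(name="demo", version="0.1", packages=["demo"])
'''

# setuptools commands that pip/setuptools run during build or installation;
# subclassing one of them is the standard way to hook install time.
# These sets are heuristic choices for this example, not an official list.
COMMAND_HOOKS = {"install", "develop", "egg_info", "build_py", "build_ext", "sdist", "bdist_wheel"}
DYNAMIC_EXEC = {"exec", "eval", "compile", "__import__"}
RISKY_MODULES = {"subprocess", "os", "base64", "urllib", "socket", "ctypes", "marshal", "zlib", "requests"}


def _root_module(name: str) -> str:
    return name.split(".")[0]


def audit_setup_py(source: str) -> list[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    tree = ast.parse(source)
    findings: list[str] = []

    # 1. Imports of modules a benign setup.py rarely needs.
    imported = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            imported.update(_root_module(a.name) for a in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            imported.add(_root_module(node.module))
    for mod in sorted(imported & RISKY_MODULES):
        findings.append(f"imports {mod}")

    for node in ast.walk(tree):
        # 2. Classes deriving from a setuptools command class.
        if isinstance(node, ast.ClassDef):
            for base in node.bases:
                base_name = base.id if isinstance(base, ast.Name) else getattr(base, "attr", None)
                if base_name in COMMAND_HOOKS:
                    findings.append(f"line {node.lineno}: class {node.name} subclasses setuptools command {base_name}")
        elif isinstance(node, ast.Call):
            fn = node.func
            # 3. Dynamic code execution.
            if isinstance(fn, ast.Name) and fn.id in DYNAMIC_EXEC:
                findings.append(f"line {node.lineno}: call to {fn.id}()")
            # 4. Calls into risky modules (subprocess.Popen, os.system, base64.b64decode, ...).
            elif isinstance(fn, ast.Attribute) and isinstance(fn.value, ast.Name) and fn.value.id in RISKY_MODULES:
                findings.append(f"line {node.lineno}: call to {fn.value.id}.{fn.attr}()")
            # 5. cmdclass= in setup() is what wires the hook classes into the install.
            if isinstance(fn, ast.Name) and fn.id == "setup":
                for kw in node.keywords:
                    if kw.arg == "cmdclass" and isinstance(kw.value, ast.Dict):
                        keys = [k.value for k in kw.value.keys if isinstance(k, ast.Constant)]
                        findings.append(f"line {node.lineno}: setup() overrides commands {keys}")
    return findings


if __name__ == "__main__":
    for label, src in (("suspicious", SUSPICIOUS_SETUP_PY), ("benign", BENIGN_SETUP_PY)):
        print(f"{label}: {audit_setup_py(src) or ['no findings']}")
```

Run it against an extracted sdist (`python audit.py` after pointing `audit_setup_py` at the file contents) before installing; a clean result is not proof of safety, since setup.py can also be obfuscated or pull code from `pyproject.toml` build backends, but a subclassed install command plus exec/base64/subprocess in the same file is the pattern worth a manual look.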
All-in-one Python project management tool written in Rust aims to replace pip, venv, and more. Here's a first look.