News

CSOonline2y
Malicious package flood on PyPI might be sign of new attacks to come
Over the weekend an attacker has been uploading thousands of malicious Python packages on the public PyPI (Python Package Index) software repository. If executed on a Windows system, these ...
Ars Technica1y
PyPI halted new users and projects while it fended off supply-chain attack
Ten hours later, it lifted the suspension. Short for the Python Package Index, PyPI is the go-to source for apps and code libraries written in the Python programming language. Fortune 500 ...
Ars Technica2y
Actors behind PyPI supply chain attack have been active since late 2021
The official software repository for the Python language, Python Package Index (PyPI), has been targeted in a complex supply chain attack that appears to have successfully poisoned at least two ...
WeLiveSecurity1y
A pernicious potpourri of Python packages in PyPI
PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can ...
Infosecurity-magazine.com2y
Two Additional Malicious Python Libraries Found on PyPI Repository
Two more malicious Python packages have been discovered in the Python Package Index (PyPI) repository, days after security researchers from Check Point spotted 10 of them. The two additional packages ...