Threat analysts have discovered ten malicious Python packages on the PyPI repository, used to infect developer's systems with password-stealing malware. The fake packages used typosquatting to ...

The Python Package Index (PyPI), run by the Python Software Foundation, has officially invalidated all the publishing tokens that were stolen in the GhostAction supply chain attack that happened ...

Administrators of the Python Package Index (PyPI) have removed 10 malicious software code packages from the registry after a security vendor informed them about the issue. The incident is the latest ...

Hackers are once again targeting Python developers involved in the blockchain industry in an attempt to distribute malware and steal tokens. A new report from cybersecurity researchers at Checkmarx ...

The Python Package Index (PyPI) registry has removed three malicious Python packages aimed at exfiltrating environment variables and dropping trojans on the infected machines. These malicious packages ...

Researchers found three malicious PyPI packages, two targeting bitcoin developers, and one WooCommerce stores Two are designed to steal data, and the third to test for valid credit cards All three ...