News

The Hacker News3h

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

According to ReversingLabs' 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in ...
WeLiveSecurity1y

A pernicious potpourri of Python packages in PyPI - WeLiveSecurity

The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository, ESET research finds.
Infosecurity-magazine.com2y

VMConnect: Python PyPI Threat Imitates Popular Modules

A new malicious campaign has been found on the Python Package Index (PyPI) open-source repository involving 24 malicious packages that closely imitate three popular open-source tools: vConnector, ...
How-To Geek on MSN8d

How to Use Libraries in Python to Do More With Less Code

Libraries are collections of shared code. They're common in Python, where they're also called "modules," but they're also ...
Infosecurity-magazine.com2y

Malicious PyPI Packages Use Compiled Python Code to Bypass Detection

The method introduces another supply chain vulnerability for the future, as most security tools solely scan Python source code (PY) files, making them susceptible to missing such attacks. Zanki said ...
CSOonline2y

Malicious package flood on PyPI might be sign of new attacks to come

Over the weekend an attacker has been uploading thousands of malicious Python packages on the public PyPI (Python Package Index) software repository.
Bleeping Computer3y

PyPI mandates 2FA for critical projects, developer pushes back

On Friday, the Python Package Index (PyPI), repository of open source Python projects announced plans to rollout two factor authentication for maintainers of "critical" projects. Although many ...
Ars Technica7y

Devs unknowingly use “malicious” modules snuck into official Python ...

Devs unknowingly use “malicious” modules snuck into official Python repository Code packages available in PyPI contained modified installation scripts.