CSOonline

Malicious package flood on PyPI might be sign of new attacks to come

The PyPI package flood is just the latest in a string of attacks on public repositories with the intent to plant malicious code. Over the weekend an attacker has been uploading thousands of malicious ...
Bleeping Computer

241 npm and PyPI packages caught dropping Linux cryptominers

More than 200 malicious packages have been discovered infiltrating the PyPI and npm open source registries this week. These packages are largely typosquats of widely used libraries and each one of ...
Bleeping Computer

PyPI packages hijacked after developers fall for phishing emails

A phishing campaign caught yesterday was seen targeting maintainers of Python packages published to the PyPI registry. Python packages 'exotel' and 'spam' are among hundreds seen laced with malware ...
TechRadar

Python devs targeted with dangerous phishing attacks - here's how to stay safe

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Developers who published projects on PyPI with their email in package metadata are being targeted ...
Infosecurity-magazine.com

Python Package Index Faces Security Crisis With Validated Leaks

Security researchers have discovered a total of 3938 unique secrets on PyPI, the official third-party package management system for the Python community, across all projects, with 768 of them ...