The PyPI package flood is just the latest in a string of attacks on public repositories with the intent to plant malicious code.

Researchers at security vendor Checkmarx have uncovered an operation, apparently based in Iraq, that uses malware hosted on the Python repository PyPI to search for files on the victim's device ...

10 malicious Python packages exposed in latest repository attack Supply-chain attacks are moving GitHub toward digitally signed packages.

Multiple open source software packages on the Python Package Index (PyPI) repository were found to be malicious, likely compromising thousands of devices, experts have warned.