The Hacker News

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

The disclosure comes as HelixGuard discovered a malicious package in PyPI named "spellcheckers" that claims to be a tool for ...
GitHub

Build a Python command line tool from scratch

Packaging Packaging in Python is far from ideal. Because there are a lot of unknowns you might try to avoid it, but there is a lot of useful outcomes from doing pacakging. After packaging a Python ...
GitHub

Build a Python command line tool from scratch

The basis of becoming a better engineer starts with automation. Automate everything. Get into the habit of continuously automating everything that seems like it could be automated. A command line tool ...
ZDNet

Twelve malicious Python libraries found and removed from PyPI

A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code. The 12 packages have been discovered in two separate ...
ZDNet

Two malicious Python libraries caught stealing SSH and GPG keys

The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were caught stealing SSH and GPG keys from the projects of infected developers. The two libraries ...
Infosecurity-magazine.com

PyPI Repository Enforces 2FA for Critical Python Projects

Python Package Index (PyPI), the official third-party open-source repository for Python projects, said it will enforce a mandatory two-factor authentication (2FA) policy for projects categorized as ...
Hosted on MSN

Misspelled a site's name? Cybercriminals are exploiting this to infect your computer with malware - here's how to stay safe

A single typo could let hackers hijack your system using malware hidden in fake packages Cross-platform malware now fools even experienced developers by mimicking trusted open source package names ...