News

The Python Package Index (PyPI) registry has removed three malicious Python packages aimed at exfiltrating environment variables and dropping trojans on the infected machines. These malicious ...
Three malicious packages hosted in the Python Package Index (PyPI) code repository have been uncovered, which collectively have more than 12,000 downloads – and presumably slithered into ...
The malicious package downloads an image from the Web, then uses a steganography module to extract and execute the code to download malware.
Malicious Python Repository Package Drops Cobalt Strike on Windows, macOS & Linux Systems The PyPI "pymafka" package is the latest example of growing attacker interest in abusing widely used open ...
Researchers at security vendor Checkmarx have uncovered an operation, apparently based in Iraq, that uses malware hosted on the Python repository PyPI to search for files on the victim's device ...
Cybersecurity researchers at ReversingLabs found two malicious packages, “bitcoinlibdbfix” and “bitcoinlib-dev”, which cumulatively have around 2,000 downloads.
Hidden Risk PyPI is one of the most popular Python package repositories in the world, with millions of daily downloads and a half-million hosted packages.