News

The Hacker News2mon

Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source ...

Malicious packages on npm, PyPI, and Ruby exfiltrate wallets, delete projects, and exploit AI tools—threatening developers and CI/CD pipelines.
Bleeping Computer7y

Ten Malicious Libraries Found on PyPI - Python Package Index

The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI — Python Package Index — the official third-party software repository for the Python ...
GitHub7mon

uv publish error uploading to test.pypi.org due to metadata version ...

An error appears when uploading a package to test.pypi.org: ...
Dark Reading3y

10 Malicious Code Packages Slither into PyPI Registry

Administrators of the Python Package Index (PyPI) have removed 10 malicious software code packages from the registry after a security vendor informed them about the issue. The incident is the ...
Bleeping Computer29d

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website.
The Hacker News1mon

PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails ...

The maintainers of the Python Package Index (PyPI) repository have issued a warning about an ongoing phishing attack that's targeting users in an attempt to redirect them to fake PyPI sites. The ...