Bleeping Computer

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...
Bleeping Computer

PyPI urges users to reset credentials after new phishing attacks

The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the default ...
techzine

Python PyPi is going to cost money

Python Software Foundation is working on a paid version of PyPi, the official Python package repository. The organization confirmed the news in a job posting for two developers expected to create the ...
The Hacker News

PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain

The maintainers of the Python Package Index (PyPI) repository have issued a warning about an ongoing phishing attack that's targeting users in an attempt to redirect them to fake PyPI sites. The ...
GitHub

0.12.0 on PyPI does not have a tar.gz

It's the only version which only has a .whl and not a .tar.gz source: https://pypi.python.org/pypi/django-filter/0.12.0#support As a consequence, one CI environment i am building to is failing when ...
The Hacker News

Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and ...