Bleeping Computer

Malicious ‘Lolip0p’ PyPi packages install info-stealing malware

A threat actor has uploaded to the PyPI (Python Package Index) repository three malicious packages that carry code to drop info-stealing malware on developers' systems. The malicious packages, ...
The Hacker News

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

The disclosure comes as HelixGuard discovered a malicious package in PyPI named "spellcheckers" that claims to be a tool for ...
GitHub

[BUG] can not use private pypi repo to install package(same as offical pypi package)

uv add utensils --extra-index-url https://user:[email protected]:8000/simple --allow-insecure-host=100.64.0.1 warning: Indexes specified via `--extra-index-url` will not be persisted to the ...
GitHub

[Build]: PyPI install difficulty on MacOS Sequoia 15.4

While trying to use openvino provided from PyPI, I get the following error: $ python -c 'import openvino' Traceback (most recent call last): ... '.../libopenvino.2460 ...
Security Boulevard

Unveiling BlazeStealer Malware Python Packages on PyPI

In a recent revelation, a cluster of malicious Python packages has infiltrated the Python Package Index (PyPI), posing a significant threat to developers’ systems by aiming to pilfer sensitive ...
Ars Technica

More malicious packages posted to online repository. This time it’s PyPI

Researchers have uncovered yet another supply chain attack targeting an open source code repository, showing that the technique, which has gained wide use in the past few years, isn’t going away any ...
Bleeping Computer

PyPI urges users to reset credentials after new phishing attacks

The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the default ...