News
It's not hard to write a Python package that can be installed into an interpreter or virtual environment with pip. This video shows a simple example of how to lay out a project's source code and ...
The method introduces another supply chain vulnerability for the future, as most security tools solely scan Python source code (PY) files, making them susceptible to missing such attacks. Zanki said ...
In a new twist on software supply chain attacks, researchers have discovered a Python package hiding malware inside of compiled code, allowing it to evade ordinary detection measures. On April 17 ...
A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system.
The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking ...
PyPI unverified 1,800 emails since June 2025 to block expired-domain attacks, strengthening open-source supply chain security.
According to Fortinet, PyPI package Zlibxjson steals Discord tokens and browser data, including passwords and extensive user information ...
The Python Package Index (PyPI), one of the world’s biggest repositories of Python code, is often abused to host malicious code, or trick software developers into downloading and running ...
PyPI malware termncolor and colorinal downloaded 884 times exploit DLL side-loading, persistence, and C2 communication.
Another day, another malicious package being discovered on the Python Package Index (PyPI) repository. Ax Sharma, a cybersecurity researcher from Sonatype, found a typosquatted version of the ...