A pernicious potpourri of Python packages in PyPI The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository ...

A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system.

The PyPI package flood is just the latest in a string of attacks on public repositories with the intent to plant malicious code.

Written in Rust, the PyApp utility wraps up Python programs into self-contained click-to-run executables. It might be the ...

A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three years.

This time, the repository was PyPI, short for the Python Package Index, which is the official software repository for the Python programming language.

A new malicious package has been found on the Python Package Index (PyPI) repository that could hide code in images with a steganographic technique and infect users through open-source projects on ...

The malicious package downloads an image from the Web, then uses a steganography module to extract and execute the code to download malware.

According to Fortinet, PyPI package Zlibxjson steals Discord tokens and browser data, including passwords and extensive user information ...

The official software repository for the Python language, Python Package Index (PyPI), has been targeted in a complex supply chain attack that appears to have successfully poisoned at least two ...