News
It's not hard to write a Python package that can be installed into an interpreter or virtual environment with pip. This video shows a simple example of how to lay out a project's source code and ...
The method introduces another supply chain vulnerability for the future, as most security tools solely scan Python source code (PY) files, making them susceptible to missing such attacks. Zanki said ...
A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system.
The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking ...
PyPI unverified 1,800 emails since June 2025 to block expired-domain attacks, strengthening open-source supply chain security.
According to Fortinet, PyPI package Zlibxjson steals Discord tokens and browser data, including passwords and extensive user information ...
Malicious packages aren't new — or particularly rare — in PyPI, but unlike the lot of them, fshec2 contained all of its malicious functionality inside of its compiled code, making it hard to ...
The Python Package Index (PyPI), one of the world’s biggest repositories of Python code, is often abused to host malicious code, or trick software developers into downloading and running ...
Another day, another malicious package being discovered on the Python Package Index (PyPI) repository. Ax Sharma, a cybersecurity researcher from Sonatype, found a typosquatted version of the ...
PyPI malware termncolor and colorinal downloaded 884 times exploit DLL side-loading, persistence, and C2 communication.