A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers.

The Python Package Index (PyPI) registry has removed three malicious Python packages aimed at exfiltrating environment variables and dropping trojans on the infected machines. These malicious ...

Nir Cohen describes Wagon, which takes Python wheels, packages them together, adds metadata, and allows for offline extraction and installation.

Cybersecurity researchers at ReversingLabs found two malicious packages, “bitcoinlibdbfix” and “bitcoinlib-dev”, which cumulatively have around 2,000 downloads.

Written in Rust, the PyApp utility wraps up Python programs into self-contained click-to-run executables. It might be the ...

All-in-one Python project management tool written in Rust aims to replace pip, venv, and more. Here's a first look.

The PyPI package flood is just the latest in a string of attacks on public repositories with the intent to plant malicious code.

Three malicious packages hosted in the Python Package Index (PyPI) code repository have been uncovered, which collectively have more than 12,000 downloads – and presumably slithered into ...

Malicious Python packages found exfiltrating user data to Telegram bot Appears to be part of a wider operation by crime gang based in Iraq, say Checkmarx researchers ...

Hackers are once again targeting Python developers involved in the blockchain industry in an attempt to distribute malware and steal tokens. A new report from cybersecurity researchers at ...