InfoWorld

Large language models hallucinating non-existent developer packages could fuel supply chain attacks

Large Language Models (LLMs) have a serious “package hallucination” problem that could lead to a wave of maliciously-coded packages in the supply chain, researchers have discovered in one of the ...
WeLiveSecurity

A pernicious potpourri of Python packages in PyPI

PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can appear ...

Anthropic Backs Python Security With $1.5 Million PSF Partnership

Anthropic committed $1.5 million to the Python Software Foundation to strengthen PyPI and CPython security, targeting ...
Bleeping Computer

Python Package Installation Can Trigger Malicious Code

Although there is nothing special about code executing on a machine, the moment when this code is executed is a significant detail from a security standpoint. The Python programming language allows ...
Infosecurity-magazine.com

Malicious Machine Learning Model Attack Discovered on PyPI

A new campaign exploiting machine learning (ML) models via the Python Package Index (PyPI) has been observed by cybersecurity researchers. ReversingLabs said threat actors are using the Pickle file ...
Dark Reading

Faux ChatGPT, Claude API Packages Deliver JarkaStealer

Two Python packages claiming to integrate with popular chatbots actually transmit an infostealer to potentially thousands of victims. Publishing open source packages with malware hidden inside is a ...
Bleeping Computer

Ten Malicious Libraries Found on PyPI - Python Package Index

The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI — Python Package Index — the official third-party software repository for the Python ...