News
Multiple malicious Python packages available on the PyPI repository were caught stealing sensitive information like AWS credentials and transmitting it to publicly exposed endpoints accessible by ...
Nir Cohen describes Wagon, which takes Python wheels, packages them together, adds metadata, and allows for offline extraction and installation.
PyApp seems to be taking the Python world by storm, providing long-awaited click-and-run Python distribution. For developers who need a little more versatility, there’s uv. Find these tools and more ...
A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code. The 12 packages have been discovered in two ...
In a new twist on software supply chain attacks, researchers have discovered a Python package hiding malware inside of compiled code, allowing it to evade ordinary detection measures. On April 17 ...
Written in Rust, the PyApp utility wraps up Python programs into self-contained click-to-run executables. It might be the ...
The malicious package downloads an image from the Web, then uses a steganography module to extract and execute the code to download malware.
The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking ...
Malicious Python packages found exfiltrating user data to Telegram bot. Appears to be part of a wider operation by crime gang based in Iraq, say Checkmarx researchers ...
Hackers are once again targeting Python developers involved in the blockchain industry in an attempt to distribute malware and steal tokens. A new report from cybersecurity researchers at ...