The Hacker News

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

The disclosure comes as HelixGuard discovered a malicious package in PyPI named "spellcheckers" that claims to be a tool for ...
ZDNet

Twelve malicious Python libraries found and removed from PyPI

A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code. The 12 packages have been discovered in two separate ...
Bleeping Computer

PyPI urges users to reset credentials after new phishing attacks

The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the default ...
GitHub

mwangidyce/real_python_reader

The Real Python Feed Reader is a basic web feed reader that can download the latest Real Python tutorials from the Real Python feed. For more information see the tutorial How to Publish an Open-Source ...
GitHub

A simple sheet with commands to streamline the workflow process when working on python projects and docker.

Notifications You must be signed in to change notification settings A simple repository - mainly containing a sheet with commands, to streamline the workflow process when working on Python projects.
cybernews

Python packages posing as DeepSeek contain nasty surprise

Malicious packages are infecting Python repositories and target developers and engineers looking to integrate DeepSeek into their work. DeepSeek has recently upended the artificial intelligence (AI) ...
ZDNet

Two malicious Python libraries caught stealing SSH and GPG keys

The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were caught stealing SSH and GPG keys from the projects of infected developers. The two libraries ...