The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website.

A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers.

Conclusion PyPI continues to be abused by cyberattackers to compromise Python programmers’ devices. This campaign displays a variety of techniques being used to include malware in Python packages.

This ongoing assault, initially discovered in early August, has revealed an insidious trend of cyber-criminals infiltrating the Python Package Index (PyPI), a repository for open-source Python ...

A new malicious campaign has been found on the Python Package Index (PyPI) open-source repository involving 24 malicious packages that closely imitate three popular open-source tools: vConnector, ...

Japanese cybersecurity officials warned that North Korea's infamous Lazarus Group hacking team recently waged a supply chain attack targeting the PyPI software repository for Python apps.