The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets. PyPI is the official repository for ...

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...

A newly uncovered malicious package on the Python Package Index (PyPI) has raised fresh concerns about the security of open source software repositories. The package, named “dbgpkg,” was discovered by ...

PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can appear ...

Newly discovered campaign takes advantage of the fact that most vulnerability scanning tools don't read compiled open-source software. Attackers who are targeting open-source package repositories like ...

Several harmful Python .whl files containing a new type of malware called “Kekw” have been discovered on PyPI (Python Package Index). According to new data by Cyble Research and Intelligence Labs ...

Researchers have uncovered yet another supply chain attack targeting an open source code repository, showing that the technique, which has gained wide use in the past few years, isn’t going away any ...

Security researchers have identified a previously unknown group dubbed "JuiceLedger" as the threat actor behind a recent and first-known phishing campaign specifically targeting users of the Python ...

PyPI or the Python Package Index is giving away 4,000 Google Titan security keys as part of its move to mandatory two-factor authentication (2FA) for critical projects built in the Python programming ...

PyPI—the open source repository that both large and small organizations use to download code libraries—was hosting 11 malicious packages that were downloaded more than 41,000 times in one of the ...