ReversingLabs has identified several malicious Python packages on the Python Package Index (PyPI) open source repository. In all, ReversingLabs researchers uncovered 24 malicious packages imitating ...
After a recent discovery of malicious PyPI packages, questions remain about the security community’s ability to mitigate threats posed to open source repositories. The threat of software supply chain ...
Thousands of applications that have taken advantage of open source Python Package Index (PyPI) software packages may be at risk of hijacking and subversion by malicious actors, opening up the ...
The scanners tasked with weeding out malicious contributions to packages distributed via the popular open source code repository Python Package Index (PyPI) create a significant number of false alerts ...
The Python Package Index (PyPI) registry has removed several Python packages this week aimed at stealing users' credit card numbers, Discord tokens, and granting code execution capabilities to ...
An analysis of the Python code committed to PyPI packages has revealed the presence of thousands of hardcoded credentials, code security firm GitGuardian warns. Working together with security ...
Phylum recently, in "Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack", on malicious PyPI (Python Package ... distributing malware to carry out supply chain attacks ...
Threat researchers have found a rapidly updated malicious Python package on PyPI masquerading as a legitimate software-development kit (SDK) from cybersecurity firm SentinelOne, but actually contains ...