The Record

Python team fixes bug that allowed takeover of PyPI repository

The Python security team has fixed today three vulnerabilities impacting the Python Package Index (PyPI), the official repository for Python libraries, including one that could have allowed a threat ...
マイナビニュース

不正なPythonパッケージをPyPIに44個発見、利用の有無の確認を

Check Point Software Technologiesは6月16日(米国時間)、「PyPI Suspends New Registrations After Malicious Python Script Attack」において、PyPI (Python Package ...
GitHub

Error: The 'sklearn' PyPI package is deprecated, use 'scikit-learn' rather than 'sklearn ...

pip install fails due to error The 'sklearn' PyPI package is deprecated, use 'scikit-learn' rather than 'sklearn' for pip commands. ⇒ pip install emerge-viz ..snip ...
マイナビニュース

マルウェアを含む悪意あるパッケージの概要

ESETによるとこれら悪意のあるパッケージは合計1万回以上ダウンロードされており、2023年5月以降は平均して約80回/日の ...
Bleeping Computer

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...