News
The malicious package downloads an image from the Web, then uses a steganography module to extract and execute the code to download malware.
Cybersecurity researchers at ReversingLabs found two malicious packages, “bitcoinlibdbfix” and “bitcoinlib-dev”, which cumulatively have around 2,000 downloads.
Multiple open source software packages on the Python Package Index (PyPI) repository were found to be malicious, likely compromising thousands of devices, experts have warned.
Based on searches on https://pepy.tech, a site that provides download stats for Python packages, the researchers estimate the malicious packages were downloaded about 30,000 times.
A threat actor has been delivering a "relentless campaign" since early April to seed the software supply chain with hundreds of malicious Python packages aimed at stealing sensitive data and ...
Hackers are once again targeting Python developers involved in the blockchain industry in an attempt to distribute malware and steal tokens. A new report from cybersecurity researchers at ...
Several harmful Python .whl files containing a new type of malware called “Kekw” have been discovered on PyPI (Python Package Index). According to new data by Cyble Research and Intelligence Labs ...
Malicious Python packages found exfiltrating user data to Telegram bot. Appears to be part of a wider operation by crime gang based in Iraq, say Checkmarx researchers ...
Python enhancement proposal would incorporate SBOM documents in Python packages as a way to improve dependency tracking and vulnerability analysis.
Enterprises that already subscribe to Teradata VantageCloud Lake will be able to download Python and R packages from the Anaconda Repository at no additional cost.