News

The Python Package Index (PyPI) registry has removed three malicious Python packages aimed at exfiltrating environment variables and dropping trojans on the infected machines. These malicious ...
Nir Cohen describes Wagon, which takes Python wheels, packages them together, adds metadata, and allows for offline extraction and installation.
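The Python Engineer Training Promotion Association (a general incorporated association) has published the column "I spoke at a Python Asia Organization event. Once again, I would like all of you to take part as well."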
Malicious Python packages found exfiltrating user data to Telegram bot. Appears to be part of a wider operation by crime gang based in Iraq, say Checkmarx researchers ...
Enterprises that already subscribe to Teradata VantageCloud Lake will be able to download Python and R packages from the Anaconda Repository at no additional cost.
The malicious package downloads an image from the Web, then uses a steganography module to extract and execute the code to download malware.
Python enhancement proposal would incorporate SBOM documents in Python packages as a way to improve dependency tracking and vulnerability analysis.
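Starting this month, under the title "Python Monthly Topics," we will introduce each month the Python-related topics, tools, libraries and the like that drew attention. The first installment covers the new Python 3.10 feature "Structural Pattern Matching."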
Cybersecurity researchers at ReversingLabs found two malicious packages, “bitcoinlibdbfix” and “bitcoinlib-dev”, which cumulatively have around 2,000 downloads.
Based on searches on https://pepy.tech, a site that provides download stats for Python packages, the researchers estimate the malicious packages were downloaded about 30,000 times.