Written in Rust, the PyApp utility wraps up Python programs into self-contained click-to-run executables. It might be the ...

PyApp seems to be taking the Python world by storm, providing long-awaited click-and-run Python distribution. For developers ...

A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code. The 12 packages have been discovered in two ...

Security firm Checkmarx found that one in three software packages from PyPI contains a flaw that can lead to malicious code being automatically installed. Many software packages from the Python ...

Security researchers found two packages on PyPI, showing malicious intent The packages grant the attackers access to systems and sensitive data The researchers warn developers to exercise caution ...

The PyPI package flood is just the latest in a string of attacks on public repositories with the intent to plant malicious code.

Hackers are once again targeting Python developers involved in the blockchain industry in an attempt to distribute malware and steal tokens. A new report from cybersecurity researchers at ...

A recently spotted supply chain attack abused an old but legitimate Python package to deliver a malicious payload. Read more on how the attacker managed to do it and how to protect yourself from it.

PyPI unverified 1,800 emails since June 2025 to block expired-domain attacks, strengthening open-source supply chain security.