A security firm found three malicious Python libraries uploaded on the official Python Package Index (PyPI) that contained a hidden backdoor which would activate when the libraries were installed ...

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website.

Conclusion PyPI continues to be abused by cyberattackers to compromise Python programmers’ devices. This campaign displays a variety of techniques being used to include malware in Python packages.

Security researchers from Check Point have spotted 10 malicious packages on Python Package Index (PyPI), the primary Python package index used by Python developers. The first of them was Ascii2text, a ...

Two malicious versions of two Python packages were introduced in the Python Package Index (PyPI) with the purpose of stealing SSH and GPG keys from Python developers' projects.

A new malicious campaign has been found on the Python Package Index (PyPI) open-source repository involving 24 malicious packages that closely imitate three popular open-source tools: vConnector, ...

Malicious Python Repository Package Drops Cobalt Strike on Windows, macOS & Linux Systems The PyPI "pymafka" package is the latest example of growing attacker interest in abusing widely used open ...

Image: Getty Images/iStockphoto PyPI or the Python Package Index is giving away 4,000 Google Titan security keys as part of its move to mandatory two-factor authentication (2FA) for critical ...

News briefs for July 17, 2019. Malicious Python libraries have been found on the official Python Package Index (PyPI), which contain a hidden backdoor that would activate when installed on Linux ...