The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website.

Checkmarx found that one in three software packages from PyPI contains a flaw that can lead to malicious code being automatically installed.