Bleeping Computer

Malicious Python Package Available in PyPI Repo for a Year

Two malicious versions of two Python packages were introduced in the Python Package Index (PyPI) with the purpose of stealing SSH and GPG keys from Python developers' projects. One of them, using ...
TechRepublic

Old Python package comes back to life and delivers malicious payload

Old Python package comes back to life and delivers malicious payload Your email has been sent A recently spotted supply chain attack abused an old but legitimate Python package to deliver a malicious ...