Bleeping Computer

PyPI package 'keep' mistakenly included a password stealer

PyPI packages 'keep,' 'pyanxdns,' 'api-res-py' were found to be containing a backdoor due to the presence of malicious 'request' dependency within some versions. For example, while most versions of ...
SiliconRepublic

The security flaw that Python developers should be aware of

Security firm Checkmarx found that one in three software packages from PyPI contains a flaw that can lead to malicious code being automatically installed. Many software packages from the Python ...
Bleeping Computer

PyPi package backdoors Macs using the Sliver pen-testing suite

A new package mimicked the popular 'requests' library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate ...