Pythonコミュニティは5月25日(現地時間)、「Securing PyPI accounts via Two-Factor Authentication - The Python Package Index」において、2023年末までにPyPI (Python Package Index)でプロジェクトや組織を管理しているすべてのユーザーに対し、2023年末までに二要素認証(2FA: ...

If you recently got an email asking you to verify your credentials to a PyPI site, better change that password ...

PythonパッケージのアップロードプラットフォームであるPython Package Index(PyPI)を運営するPython Software Foundation(PSF)が、2023年3月から4月にかけて、アメリカ司法省からユーザーデータを要求する召喚状を3回発行されたことを明らかにしました。PSFはこの召喚状に ...

“If you have already clicked on the link and provided your credentials, we recommend changing your password on PyPI immediately,” Larson warned. “Inspect your account's Security History for anything ...

Two malicious versions of two Python packages were introduced in the Python Package Index (PyPI) with the purpose of stealing SSH and GPG keys from Python developers' projects. One of them, using ...

Multiple malicious Python packages available on the PyPI repository were caught stealing sensitive information like AWS credentials and transmitting it to publicly exposed endpoints accessible by ...

Python Package Index (PyPI), the official third-party open-source repository for Python projects, said it will enforce a mandatory two-factor authentication (2FA) policy for projects categorized as ...

Malicious PyPI package soopsocks downloaded 2,653 times before takedown, exfiltrating Windows data to Discord.

A security firm found three malicious Python libraries uploaded on the official Python Package Index (PyPI) that contained a hidden backdoor which would activate when the libraries were installed on ...

Fortinetは1月14日(米国時間)、「Supply Chain Attack Using Identical PyPI Packages, “colorslib”, “httpslib”, and “libhttps”｜FortiGuard Labs」において、PyPI (Python Package ...