News

ZDNet6y

Twelve malicious Python libraries found and removed from PyPI

A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code.
The Hacker News9d

Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks

PyPI malware termncolor and colorinal downloaded 884 times exploit DLL side-loading, persistence, and C2 communication.
Bleeping Computer28d

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website.
Bleeping Computer3mon

Malicious PyPi package hides RAT malware, targets ... - BleepingComputer

A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three years.
TechRadar28d

Python devs targeted with dangerous phishing attacks - here's how to ...

Developers who published projects on PyPI with their email in package metadata are being targeted They are asked to "verify" their email address with a fake PyPI platform The "verification ...