News

For the second time since March, a cybersecurity firm has discovered troubling malware packages uploaded to the Python Package Index platform.
Two malicious versions of two Python packages were introduced in the Python Package Index (PyPI) with the purpose of stealing SSH and GPG keys from Python developers' projects.
The PyPI package flood is just the latest in a string of attacks on public repositories with the intent to plant malicious code.
On Friday, the Python Package Index (PyPI), the repository of open source Python projects, announced plans to roll out two-factor authentication for maintainers of "critical" projects. Although many ...
The Python Package Index (PyPI) is putting a stop to so-called “domain resurrection attacks”, which have previously been observed in the wild being used to launch cyberattacks. Domain resurrection is a supply chain ...
Many software packages from the Python Package Index (PyPI) are vulnerable to a feature that could allow an attacker to automatically execute malicious code before installation – while ...
The official Python software package repository, PyPI, is under attack from threat actors that have begun flooding it with spam packages, according to a new report from BleepingComputer.
All-in-one Python project management tool written in Rust aims to replace pip, venv, and more. Here's a first look.