Bleeping Computer

PyPi python packages caught sending stolen AWS keys to unsecured sites

Multiple malicious Python packages available on the PyPI repository were caught stealing sensitive information like AWS credentials and transmitting it to publicly exposed endpoints accessible by ...
Dark Reading

Novel PyPI Malware Uses Compiled Python Bytecode to Evade Detection

In a new twist on software supply chain attacks, researchers have discovered a Python package hiding malware inside of compiled code, allowing it to evade ordinary detection measures. On April 17, ...
Bleeping Computer

PyPI mandates 2FA for critical projects, developer pushes back

On Friday, the Python Package Index (PyPI), the official repository of third-party open-source Python projects announced plans to mandate two-factor authentication requirement for maintainers of ...
Dark Reading

'Blatantly Obvious': Spyware Offered to Cyberattackers via PyPI Python Repository

Researchers have discovered malware peddlers advertising an info-stealer out in the open on the Python Package Index (PyPI) — the official, public repository for the Python programming language — with ...
Infosecurity-magazine.com

New Malicious Python Libraries Found on PyPI Repository

Security researchers from Check Point have spotted 10 malicious packages on Python Package Index (PyPI), the primary Python package index used by Python developers. The first of them was Ascii2text, a ...