Bleeping Computer

Python Package Installation Can Trigger Malicious Code

Although there is nothing special about code executing on a machine, the moment when this code is executed is a significant detail from a security standpoint. The Python programming language allows ...
The Hacker News

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

The disclosure comes as HelixGuard discovered a malicious package in PyPI named "spellcheckers" that claims to be a tool for ...
ZDNet

Twelve malicious Python libraries found and removed from PyPI

A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code. The 12 packages have been discovered in two separate ...
TechRadar

Python developers targeted with fake PyPl packages

Another day, another malicious package being discovered on the Python Package Index (PyPI) repository. Ax Sharma, a cybersecurity researcher from Sonatype, found a typosquatted version of the ...
TechRadar

Malicious Python packages are stealing vital data, and have been downloaded thousands of times already

Researchers found three malicious PyPI packages, two targeting bitcoin developers, and one WooCommerce stores Two are designed to steal data, and the third to test for valid credit cards All three ...