WeLiveSecurity

A pernicious potpourri of Python packages in PyPI

PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can appear ...
Bleeping Computer

Python Package Installation Can Trigger Malicious Code

Although there is nothing special about code executing on a machine, the moment when this code is executed is a significant detail from a security standpoint. The Python programming language allows ...
Dark Reading

'Blatantly Obvious': Spyware Offered to Cyberattackers via PyPI Python Repository

Researchers have discovered malware peddlers advertising an info-stealer out in the open on the Python Package Index (PyPI) — the official, public repository for the Python programming language — with ...
TechRadar

Official Python software package repository flooded with spam

The official Python software package repository PyPI is under attack from threat actors that have begun flooding it with spam packages according to a new report from BleepingComputer. These spam ...
Dark Reading

Malware in PyPI Code Shows Supply Chain Risks

The pace of modern software development requires code reuse, and effective code reuse requires code repositories. These collections of code fragments, functions, libraries, and modules allow ...
Zawya

ESET Research: Official Python repository served cyberespionage backdoor

ESET Research discovered 116 malicious packages in PyPI, the official repository of software for the Python programming language, uploaded across 53 projects. Victims have downloaded these packages ...