ZDNet

Developers, watch your code: Official Python repository spread malicious projects

PyPI is the official Python Package Index that currently contains 500,972 projects, 5,228,535 million releases, 9,950,103 million files, and 770,841 users. PyPI helps users locate and install software ...
Dark Reading

Malicious Python Repository Package Drops Cobalt Strike on Windows, macOS & Linux Systems

Public repositories of open source code are a critical part of the software supply chain that many organizations use to build applications. They are therefore an attractive target for adversaries ...
Dark Reading

'Blatantly Obvious': Spyware Offered to Cyberattackers via PyPI Python Repository

Researchers have discovered malware peddlers advertising an info-stealer out in the open on the Python Package Index (PyPI) — the official, public repository for the Python programming language — with ...
Bleeping Computer

Python Package Installation Can Trigger Malicious Code

Although there is nothing special about code executing on a machine, the moment when this code is executed is a significant detail from a security standpoint. The Python programming language allows ...
Zawya

ESET Research: Official Python repository served cyberespionage backdoor

ESET Research discovered 116 malicious packages in PyPI, the official repository of software for the Python programming language, uploaded across 53 projects. Victims have downloaded these packages ...
Ars Technica

Devs unknowingly use “malicious” modules put into official Python repository

Adding to the insecurity, the widely used pip package management system (pictured above), which most Python developers rely on, doesn't require cryptographic ...