News

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing ...
InfoWorld3y

6 ways to package Python apps for re-use - InfoWorld

Using pip is the most conventional and best-supported way to package a Python application for re-use. Just take your application directory and outfit it with a setup.py file, which turns it into a ...
TechRadar3mon

Malicious Python packages are stealing vital data, and have been ...

Furthermore, this package doesn’t even try to hide its true intentions, and instead is “openly malicious”. Despite being obvious malware, it still managed to rake in 37,217 downloads.
TechRepublic3y

Old Python package comes back to life and delivers malicious payload

A recently spotted supply chain attack abused an old but legitimate Python package to deliver a malicious payload. Read more on how the attacker managed to do it and how to protect yourself from it.
CSOonline2y

Malicious package flood on PyPI might be sign of new attacks to come

Package installers and management tools — pip in the case of Python — have their own internal package selection logic when faced with two packages of the same name from two different defined ...
Ars Technica2y

Latest attack on PyPI users shows crooks are only getting better

Using Python’s index operator [] on a string with a -3 will grab the 3rd character from the end of the string, in this case '<built-in function oct>'[-3] will evaluate to 'c'.