News

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing ...
InfoWorld3y

6 ways to package Python apps for re-use - InfoWorld

Using pip is the most conventional and best-supported way to package a Python application for re-use. Just take your application directory and outfit it with a setup.py file, which turns it into a ...
TechRadar4mon

Malicious Python packages are stealing vital data, and have been ...

Furthermore, this package doesn’t even try to hide its true intentions, and instead is “openly malicious”. Despite being obvious malware, it still managed to rake in 37,217 downloads.
TechRepublic3y

Old Python package comes back to life and delivers malicious payload

A recently spotted supply chain attack abused an old but legitimate Python package to deliver a malicious payload. Read more on how the attacker managed to do it and how to protect yourself from it.
Linux Journal9y

Doing Astronomy with Python - Linux Journal

sudo apt-get install python-astropy There is also a separate package, python-astropy-doc, that contains extra documentation for Astropy. Because Astropy is a fairly large system, it is broken into ...
Ars Technica2y

Latest attack on PyPI users shows crooks are only getting better

Using Python’s index operator [] on a string with a -3 will grab the 3rd character from the end of the string, in this case '<built-in function oct>'[-3] will evaluate to 'c'.
Infosecurity-magazine.com2y

Malicious PyPI Packages Use Compiled Python Code to Bypass Detection

Security researchers at ReversingLabs have discovered a novel attack that used compiled Python code to evade detection. According to ReversingLabs reverse engineer Karlo Zanki, this could be the first ...