News

Developers who published projects on PyPI with their email in package metadata are being targeted. They are asked to "verify" ...
Malicious PyPI packages, repo hijacks, and CVEs in Python containers put devs at risk. Learn how to stay secure.
The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing ...
Furthermore, this package doesn’t even try to hide its true intentions, and instead is “openly malicious”. Despite being obvious malware, it still managed to rake in 37,217 downloads.
A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system.
Python's repository is a frequent target, with researchers finding malicious packages in September 2017; June, July, and November 2021; and June of this year.