News

Developers who published projects on PyPI with their email in package metadata are being targeted. They are asked to "verify" ...
Malicious PyPI packages, repo hijacks, and CVEs in Python containers put devs at risk. Learn how to stay secure.
The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing ...
While many similarly named packages used to be easy to find through a search for “full-online-movie-free” on PyPI, at the time of writing, it appears that the maintainers of the Python Package ...
Python modules are typically installed using a package manager called 'pip', which launches a 'setup.py' file that is made available by the developer of the package for installation purposes.
One action is to check the package file contents for a .whl file before download. PyPI has introduced a new wheel (.whl) file type that removes the need to run setup.py.