News
Malicious PyPI packages, repo hijacks, and CVEs in Python containers put devs at risk. Learn how to stay secure.
A recently spotted supply chain attack abused an old but legitimate Python package to deliver a malicious payload. Read more on how the attacker managed to do it and how to protect yourself from it.
Checkmarx, which recently also found a flaw in Amazon’s Ring camera system, is now warning Python developers that package downloading could lead to an increased risk of a supply chain attack.