News

The Hacker News1d
Webinar: How to Stop Python Supply Chain Attacks—and the Expert Tools You Need
Malicious PyPI packages, repo hijacks, and CVEs in Python containers put devs at risk. Learn how to stay secure.
Hackers target Python devs in phishing attacks using fake PyPI site
The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing ...
ZDNet6y
Twelve malicious Python libraries found and removed from PyPI
This package, too, mimicked the name of a popular Python library, named "colorama." According to the PyPI Stats service, 54 users had downloaded the package a month before it was taken down.
Anaconda raises $150M+ to speed up Python-based AI projects
According to the company, Insight Partners led the investment with participation from Mubadala Capital. Bloomberg reported ...
InfoWorld3y
PDM: A smarter way to manage Python packages - InfoWorld
Codified in PEP 582, Python allows a __pypackages__ directory to contain version-specific editions of packages that can be imported before packages from the base install of Python, or even a venv.
Bleeping Computer3y
Malicious PyPI packages with over 10,000 downloads taken down
The Python Package Index (PyPI) registry has removed three malicious Python packages aimed at exfiltrating environment variables and dropping trojans on the infected machines. These malicious ...
InfoWorld4mon
Air-gapped Python: Setting up Python without a net(work)
Python packages can be distributed as self-contained .whl files. Installing them is easy: pip install /path/to/file.whl. It’s also not hard to download wheels as files using pip.