News
The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking ...
The Python Package Index (PyPI) registry has removed three malicious Python packages aimed at exfiltrating environment variables and dropping trojans on the infected machines. These malicious ...
A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code.
PyPI malware termncolor and colorinal downloaded 884 times exploit DLL side-loading, persistence, and C2 communication.
To make mail hijacking more difficult, PyPI has been checking domain validity since June. In case of doubt, an abandoned email address loses its verification.
The method introduces another supply chain vulnerability for the future, as most security tools solely scan Python source code (PY) files, making them susceptible to missing such attacks. Zanki said ...
Visual Studio Code extensions have been identified exploiting a loophole that allows reuse of names from removed packages ...
Over the weekend an attacker has been uploading thousands of malicious Python packages on the public PyPI (Python Package Index) software repository.
All-in-one Python project management tool written in Rust aims to replace pip, venv, and more. Here's a first look.
Results that may be inaccessible to you are currently showing.
Hide inaccessible results
Feedback