News

ZDNet6y
Twelve malicious Python libraries found and removed from PyPI
A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI ... Python library installers like "pip" execute automatically when downloading ...
WeLiveSecurity1y
A pernicious potpourri of Python packages in PyPI
PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can ...
Bleeping Computer7y
Ten Malicious Libraries Found on PyPI - Python Package Index
The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI — Python Package ... developers to avoid using "pip" — a Python package installer ...
InfoWorld3mon
Air-gapped Python: Setting up Python without a net(work)
Then you can set up Python and pip install packages as needed ... Programming Language list in the bottom left-hand side of the PyPI project page typically lists the specific versions of Python ...
CSOonline2y
Malicious package flood on PyPI might be sign of new attacks to come
but they’re not published on public repositories like PyPI because they’re not meant for public consumption. Package installers and management tools — pip in the case of Python — have ...
ZDNet5y
Malicious Python libraries targeting Linux servers removed from PyPI
A security firm found three malicious Python libraries uploaded on the official Python Package Index (PyPI) that contained a hidden backdoor which would activate when the libraries were installed ...
Ars Technica7y
Devs unknowingly use “malicious” modules snuck into official Python repository
Multiple code packages were uploaded to the Python Package Index, often abbreviated as PyPI ... including the popular 'pip' utility (pip install urllib)," Thursday's advisory stated.