News

Instagram and TikTok accounts are being stolen using malicious PyPI packages
The Python Package Index (PyPI), one of the world’s biggest repositories of Python code, is often abused to holst malicious code, or trick software developers into downloading and running tainted code ...
TWCN Tech News1y
How to uninstall Python PIP package and dependencies
Do you want to uninstall the Python PIP package you installed sometime back but don’t know how? Sometimes, you may want to remove a package and its dependencies, because you no longer need it or ...
TechRadar2mon
Malicious Python packages are stealing vital data, and have been downloaded thousands of times already
and the third to test for valid credit cards All three have since been removed from the repository Multiple open source software packages on the Python Package Index (PyPI) repository were found ...
WeLiveSecurity1y
A pernicious potpourri of Python packages in PyPI
The former is clean, while the latter contains the malicious code. Python’s package manager, pip, favors a wheel when it’s available rather than a source distribution. As a result, the ...
Ars Technica2y
10 malicious Python packages exposed in latest repository attack
Researchers have discovered yet another set of malicious packages in PyPi, the official and most popular repository for Python programs and code libraries. Those duped by the seemingly familiar ...
InfoWorld4mon
Software bill-of-materials docs eyed for Python packages
Python enhancement proposal would incorporate SBOM documents in Python packages as a way to improve dependency tracking and vulnerability analysis. Software bill-of-materials (SBOM) documents ...
CSO Online11d
Poisoned models in fake Alibaba SDKs show challenges of securing AI supply chains
Fake Alibaba Labs AI SDKs hosted on PyPI included PyTorch models with infostealer code inside. With support for detecting ...