WeLiveSecurity

A pernicious potpourri of Python packages in PyPI

PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can appear ...
Dark Reading

Malicious Python Package Relies on Steganography to Download Malware

Check Point Research has detected a malicious open source code package that uses steganography to hide malicious code inside image files. The malicious package was available on PyPI, a package index ...
InfoWorld

Software bill-of-materials docs eyed for Python packages

Python enhancement proposal would incorporate SBOM documents in Python packages as a way to improve dependency tracking and vulnerability analysis. Software bill-of-materials (SBOM) documents would be ...
Dark Reading

Stealthy, Thieving Python Packages Slither Onto Windows Systems

A threat actor has been delivering a "relentless campaign" since early April to seed the software supply chain with hundreds of malicious Python packages aimed at stealing sensitive data and ...
CSOonline

Malicious package flood on PyPI might be sign of new attacks to come

The PyPI package flood is just the latest in a string of attacks on public repositories with the intent to plant malicious code. Over the weekend an attacker has been uploading thousands of malicious ...
Arabian Post on MSN

Python packaging faces a production reckoning

Python’s packaging ecosystem is under growing strain as development teams move away from pip in production environments, citing performance bottlenecks, fragile dependency resolution and rising ...