PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can appear ...

Threat analysts have discovered ten malicious Python packages on the PyPI repository, used to infect developer's systems with password-stealing malware. The fake packages used typosquatting to ...

The Python Package Index (PyPI) registry has removed three malicious Python packages aimed at exfiltrating environment variables and dropping trojans on the infected machines. These malicious packages ...

Python developers working on Mac devices are being targeted by North Korean hackers once again experts have warned. A report from cybersecurity researchers Unit 42 has claimed the attacks are, at ...

Modern Python developers use virtual environments (venvs), to keep their projects and dependencies separate. Managing project dependencies gets more complex as the number of dependencies grows.

Python enhancement proposal would incorporate SBOM documents in Python packages as a way to improve dependency tracking and vulnerability analysis. Software bill-of-materials (SBOM) documents would be ...