Bleeping Computer

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems. PyPI is a ...
Threat Post

Malicious PyPI Code Packages Rack Up Thousands of Downloads

The Python code repository was infiltrated by malware bent on data exfiltration from developer apps and more. Three malicious packages hosted in the Python Package Index (PyPI) code repository have ...
heise online

PyPI takes action against domain hijacking and checks email addresses

To make mail hijacking more difficult, PyPI has been checking domain validity since June. In case of doubt, an abandoned email address loses its verification. The operators of the Python Package Index ...