TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

The Python Package Index (PyPI) has temporarily suspended user registration and the creation of new projects to deal with an ongoing malware campaign. PyPI is an index for Python projects that helps ...

The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets. PyPI is the official repository for ...

A new software supply chain attack is being exploited in the wild, according to security researchers. The technique targets Python applications distributed via the Python Package Index, or PyPI.

Awesome. Just when I was making headway on getting my organization to consider using the powerful open source data science and analysis tools in the Python ecosystem... This is why we can't have nice ...

ZiChatBot malware spread via 3 PyPI packages in July 2025 uses Zulip APIs as C2, enabling stealthy attacks across systems ...

The official open source code repository for the Python programming language, the Python Package Index (PyPI), will require all user accounts to enable two-factor ...

Following a temporary suspension of all new users and package uploads, the Python Package Index (PyPI) repository is back up and running. Many noted that the culprit was the flooding of the site with ...

PyPI, a vital repository for open source developers, temporarily halted new project creation and new user registration following an onslaught of package uploads that executed malicious code on any ...

Thousands of applications that have taken advantage of open source Python Package Index (PyPI) software packages may be at risk of hijacking and subversion by malicious actors, opening up the ...