The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking ...

PyPI unverified 1,800 emails since June 2025 to block expired-domain attacks, strengthening open-source supply chain security.

The Python Package Index (PyPI) registry has removed three malicious Python packages aimed at exfiltrating environment variables and dropping trojans on the infected machines. These malicious ...

A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code.

PyPI malware termncolor and colorinal downloaded 884 times exploit DLL side-loading, persistence, and C2 communication.

The method introduces another supply chain vulnerability for the future, as most security tools solely scan Python source code (PY) files, making them susceptible to missing such attacks. Zanki said ...

To make mail hijacking more difficult, PyPI has been checking domain validity since June. In case of doubt, an abandoned email address loses its verification.

Over the weekend an attacker has been uploading thousands of malicious Python packages on the public PyPI (Python Package Index) software repository.

Hackers are once again targeting Python developers involved in the blockchain industry in an attempt to distribute malware and steal tokens. A new report from cybersecurity researchers at ...