ZiChatBot malware spread via 3 PyPI packages in July 2025 uses Zulip APIs as C2, enabling stealthy attacks across systems ...
Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...
A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code. The 12 packages have been discovered in two separate ...
The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the threat actors didn't abuse them to publish ...
PyPI, a vital repository for open source developers, temporarily halted new project creation and new user registration following an onslaught of package uploads that executed malicious code on any ...
The scanners tasked with weeding out malicious contributions to packages distributed via the popular open source code repository Python Package Index (PyPI) create a significant number of false alerts ...
The wave of supply chain attacks aimed at security and developer tools has washed up more victims, namely SAP and Intercom ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results