IEEE

Detecting Malicious Packages in PyPI and npm by Clustering Installation Scripts

Abstract: Software repositories such as PyPI and npm are vital for software development but expose users to serious security risks from malicious packages. The malicious packages often execute their ...
Bleeping Computer

PyPI urges users to reset credentials after new phishing attacks

The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the default ...
bitnewsbot

Malicious PyPI Packages Uncovered: Supply Chain Risk for Python

Cybersecurity researchers have found harmful software in the official Python Package Index (PyPI) and npm package repositories, putting software supply chains at risk. The packages, called termncolor ...
Bleeping Computer

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...
Chicago Sun-Times

Ritz cracker sandwiches recalled due to labeling error on some packages

Why are we asking for donations? Why are we asking for donations? This site is free thanks to our community of supporters. Voluntary donations from readers like you keep our news accessible for ...
CSOonline

Malicious PyPI package targets Chimera users to steal AWS tokens, CI/CD secrets

“Chimera-sandbox-extensions” exploit highlights rising risks of open-source package abuse, prompting calls for stricter dependency controls and DGA malware detection. A malicious Python package posing ...
Infosecurity-magazine.com

New Malware on PyPI Poses Threat to Open-Source Developers

A newly uncovered malicious package on the Python Package Index (PyPI) has raised fresh concerns about the security of open source software repositories. The package, named “dbgpkg,” was discovered by ...
The Hacker News

PyPI Introduces Archival Status to Alert Users About Unmaintained Python Packages

The maintainers of the Python Package Index (PyPI) registry have announced a new feature that allows package developers to archive a project as part of efforts to improve supply chain security.
Dark Reading

AI Malware Dressed Up as DeepSeek Packages Lurk in PyPi

Researchers have found malicious DeepSeek-impersonating packages planted in the Python Package Index (PyPi); the code is actually loaded with infostealers. Experts warn that's probably not the only ...
GitHub

Getting 403 Error after transferring a project to a different org

I transferred the project python-docs-theme from individual accounts to the python PyPI org. After I transferred the project, I got redirected to https://pypi.org ...
GitHub

depended package error:The 'sklearn' PyPI package is deprecated, use 'scikit-learn'

The 'sklearn' PyPI package is deprecated, use 'scikit-learn' rather than 'sklearn' for pip commands. Here is how to fix this error in the main use cases: - use 'pip ...