The Hacker News

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain ...
Bleeping Computer

PyPI urges users to reset credentials after new phishing attacks

The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the default ...
bitnewsbot

Malicious PyPI Packages Uncovered: Supply Chain Risk for Python

Cybersecurity researchers have found harmful software in the official Python Package Index (PyPI) and npm package repositories, putting software supply chains at risk. The packages, called termncolor ...
Bleeping Computer

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...
InfoWorld

Air-gapped Python: Setting up Python without a net(work)

Installing Python and related applications on a system without a network connection isn’t easy, but you can do it. Here’s how. The vast majority of modern software development revolves around one big ...
Hackaday

Import GPU: Python Programming With CUDA

Every few years or so, a development in computing results in a sea change and a need for specialized workers to take advantage of the new technology. Whether that’s COBOL in the 60s and 70s, HTML in ...
CSOonline

Python administrator moves to improve software security

The administrators of the Python Package Index (PyPI) have begun an effort to improve the hundreds of thousands of software packages that are listed. The attempt, which began earlier last year, is to ...
InfoWorld

3 takeaways from the Ultralytics AI Python library hack

When attackers compromised Ultralytics YOLO, a popular real-time object detection machine-learning package for Python, most assumed the Python Package Index, or PyPI, must be the point of failure.
CoinTelegraph

Crypto-stealing malware discovered in Python Package Index — Checkmarx

According to cybersecurity firm Hacken, financial losses from crypto hacks topped $440 million in the third quarter of 2024. Researchers at the Checkmarx cybersecurity firm sounded the alarm on a ...
GitHub

Test failure: test_workflow_linter_lints_job_with_import_pypi_library #2844

assert 0 > 0 + where 0 = len([]) [gw7] linux -- Python 3.10.15 /home/runner/work/ucx/ucx/.venv/bin/python 05:16 DEBUG [databricks.labs.ucx.install] Cannot find ...
SecurityWeek

Cryptocurrency Wallets Targeted via Python Packages Uploaded to PyPI

Users of popular cryptocurrency wallets have been targeted in a supply chain attack involving Python packages relying on malicious dependencies to steal sensitive information, Checkmarx warns. As part ...