A threat actor has uploaded to the PyPI (Python Package Index) repository three malicious packages that carry code to drop info-stealing malware on developers' systems. The malicious packages, ...
PyPI Versions (ppv) is a command-line interface (CLI) tool designed to interact with the Python Package Index (PyPI). It allows users to fetch package versions, detailed metadata, and dependencies of ...
In a recent revelation, a cluster of malicious Python packages has infiltrated the Python Package Index (PyPI), posing a significant threat to developers’ systems by aiming to pilfer sensitive ...
The disclosure comes as HelixGuard discovered a malicious package in PyPI named "spellcheckers" that claims to be a tool for ...
uv add utensils --extra-index-url https://user:password@100.64.0.1:8000/simple --allow-insecure-host=100.64.0.1
warning: Indexes specified via `--extra-index-url` will not be persisted to the ...
For the past six months, an unidentified threat actor has been slipping malicious packages into the Python Package Index (PyPI), a repository for Python software. The aim? To unleash malware capable ...
Researchers have uncovered yet another supply chain attack targeting an open source code repository, showing that the technique, which has gained wide use in the past few years, isn’t going away any ...
The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the default ...
The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were caught stealing SSH and GPG keys from the projects of infected developers. The two libraries ...