Dark Reading

Targeted PyPi Package Steals Google Cloud Credentials From macOS Devs

Researchers have come across a rather odd Python code package online that aims to steal Google Cloud Platform credentials from a very limited set of macOS victims. The package, "lr-utils-lib," was ...
Bleeping Computer

PyPI packages hijacked after developers fall for phishing emails

A phishing campaign caught yesterday was seen targeting maintainers of Python packages published to the PyPI registry. Python packages 'exotel' and 'spam' are among hundreds seen laced with malware ...
Dark Reading

PyPI Mandates 2FA, Plans Google Titan Key Giveaway

As part of the push to mandate two-factor authentication for critical projects, the Python Package Index will distribute 4,000 Google Titan security keys to developers. PyPI, the largest package ...
Computer Weekly

PyPI loophole puts thousands of packages at risk of compromise

Thousands of applications that have taken advantage of open source Python Package Index (PyPI) software packages may be at risk of hijacking and subversion by malicious actors, opening up the ...
Ars Technica

Actors behind PyPI supply chain attack have been active since late 2021

The official software repository for the Python language, Python Package Index (PyPI), has been targeted in a complex supply chain attack that appears to have successfully poisoned at least two ...