PyPI, the default platform for Python's package management tools, is warning users of a fresh phishing campaign.

Multiple malicious Python packages available on the PyPI repository were caught stealing sensitive information like AWS credentials and transmitting it to publicly exposed endpoints accessible by ...

On Friday, the Python Package Index (PyPI), the official repository of third-party open-source Python projects announced plans to mandate two-factor authentication requirement for maintainers of ...

If you recently got an email asking you to verify your credentials to a PyPI site, better change that password The Python Software Foundation warned users of a new string of phishing attacks using a ...

PyPI warns phishing attacks will persist using fake domains and urgent email tactics Victims are tricked into verifying ...

The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were caught stealing SSH and GPG keys from the projects of infected developers. The two libraries ...

More than 400 malicious packages were recently uploaded to PyPI (Python Package Index), the official code repository for the Python programming language, in the latest indication that the targeting of ...

A security firm found three malicious Python libraries uploaded on the official Python Package Index (PyPI) that contained a hidden backdoor which would activate when the libraries were installed on ...

A new malicious campaign has been found on the Python Package Index (PyPI) open-source repository involving 24 malicious packages that closely imitate three popular open-source tools: vConnector, ...