Open source registries don't have enough money to implement basic security

Trusted registries are widely treated as a key component of Software Bill of Materials (SBOM) - driven supply chain security ...
Cryptopolitan

dYdX targeted as malicious packages empty its user wallets

Researchers have revealed that bad actors are targeting dYdX and using malicious packages to empty its user wallets. According to the report, some open source packages published on the npm and PyPi ...
The Hacker News

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain ...
Bleeping Computer

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...
InfoWorld

Get started with the new Python Installation Manager

Soon to be the official tool for managing Python installations on Windows, the new Python Installation Manager picks up where the ‘py’ launcher left off. Python is a first-class citizen on Microsoft ...
Infosecurity-magazine.com

New Malware on PyPI Poses Threat to Open-Source Developers

A newly uncovered malicious package on the Python Package Index (PyPI) has raised fresh concerns about the security of open source software repositories. The package, named “dbgpkg,” was discovered by ...
TheServerSide

How to install Python on Windows

The default Python install on Windows 11 comes packed with a variety of helpful tools and features. After a you successfully install Python on Windows, you should test out Python's built-in REPL tools ...
The Hacker News

PyPI Python Library "aiocpa" Found Exfiltrating Crypto Keys via Telegram Bot

The administrators of the Python Package Index (PyPI) repository have quarantined the package "aiocpa" following a new update that included malicious code to exfiltrate private keys via Telegram. By ...
InfoWorld

Creating a pip install-able Python package

It's not hard to write a Python package that can be installed into an interpreter or virtual environment with pip. This video shows a simple example of how to lay out a project's source code and set ...
SecurityWeek

Cryptocurrency Wallets Targeted via Python Packages Uploaded to PyPI

Users of popular cryptocurrency wallets have been targeted in a supply chain attack involving Python packages relying on malicious dependencies to steal sensitive information, Checkmarx warns. As part ...
Dark Reading

Citrine Sleet Poisons PyPI Packages With Mac & Linux Malware

One of North Korea's most sophisticated threat groups has been hiding remote access malware for macOS and Linux inside of open source Python packages. North Korean advanced persistent threats (APTs) ...