Tag: PyPI

Here you will find all the articles with the tag: PyPI.

Temporarily no new users welcome on PyPi due to malware

The Python repository felt compelled to intervene after packages were uploaded that executed malicious code on devices. Creating new projects was also temporarily impossible. PyPi has since returned to normal operation. However, it was not possible to register and create projects for 10 hours. G...

Date: 21 days ago

New malicious packages found in Python Package Index repository

A threat actor has uploaded three malicious packages to the PyPI (Python Package Index) repository. The packages reportedly drop info-stealing malware on developers' systems. The threat is significant, according to BleepingComputer, as PyPI is the most widely used repository for Python package...

Date: 1 year ago

Researchers find malicious info-stealing packages in PyPI

Security firm Phylum discovered six malicious packages on the Python Package Index (PyPI). The packages installed info-stealing RAT (remote access trojan) malware using Cloudflare Tunnel to bypass firewalls. The packages attempted to steal sensitive user information from browsers, run shell comm...

Date: 1 year ago

Researchers find dozens of PyPi packages pushing malware

Researchers at software supply chain security firm Phylum have discovered over two dozen Python packages that are pushing info-stealing malware on the PyPi registry. The company published their findings in a report on the 1st of November. "Last week, our automated risk detection platform al...

Date: 1 year ago

PyPI packages under attack after phishers target developers

Developers and maintainers of PyPI are under attack by digital scammers through email phishing. Several PyPI developers and maintainers have fallen for phishing scams conducted by digital scammers. The malicious campaign was disclosed by Adam Johnson, a project board member at Django, who receiv...

Date: 2 years ago

Python PyPi is going to cost money

Python Software Foundation is working on a paid version of PyPi, the official Python package repository. The organization confirmed the news in a job posting for two developers expected to create the paid system. Currently, PyPi is free. Hundreds of thousands of Python developers use the reposit...

Date: 2 years ago

17 malicious packages found in Node.js Package Manager (NPM)

Another 17 malicious packages have been discovered in an open-source repository by researchers. In recent times, it has become clearer that these repositories can be, have been, and will continue to be used to spread malware. The malicious code was found in NPM, where 11 million developers trade mo...

Date: 2 years ago

Half of Python Libraries in Package Index have security issues

Researchers in Finland have examined the open-source software libraries in the Python Package Index and found that it is riddled with security issues. The researchers found that PyPI, as it is popularly known, has potentially vulnerable code in nearly half the index. The research was published i...

Date: 3 years ago

Oracle announces Java 15 on the language’s 25th birthday

Coming amid reports of declining popularity, the company's latest release is attempting to win back the hearts of developers worldwide. Oracle announced on Tuesday the release of Oracle JDK 15, or simply Java 15. The new release marks 25 years since the programming language's debut. "As Java ce...

Date: 4 years ago