Temporarily no new users welcome on PyPi due to malware
The Python repository felt compelled to intervene after packages were uploaded that executed malicious code on devices. Creating new projects was also temporarily impossible.
PyPi has since returned to normal operation. However, it was not possible to register and create projects for 10 hours. G...
New malicious packages found in Python Package Index repository
A threat actor has uploaded three malicious packages to the PyPI (Python Package Index) repository. The packages reportedly drop info-stealing malware on developers' systems.
The threat is significant, according to BleepingComputer, as PyPI is the most widely used repository for Python package...
Researchers find malicious info-stealing packages in PyPI
Security firm Phylum discovered six malicious packages on the Python Package Index (PyPI). The packages installed info-stealing RAT (remote access trojan) malware using Cloudflare Tunnel to bypass firewalls.
The packages attempted to steal sensitive user information from browsers, run shell comm...
Researchers find dozens of PyPi packages pushing malware
Researchers at software supply chain security firm Phylum have discovered over two dozen Python packages that are pushing info-stealing malware on the PyPi registry.
The company published their findings in a report on the 1st of November. "Last week, our automated risk detection platform al...
PyPI packages under attack after phishers target developers
Developers and maintainers of PyPI are under attack by digital scammers through email phishing.
Several PyPI developers and maintainers have fallen for phishing scams conducted by digital scammers. The malicious campaign was disclosed by Adam Johnson, a project board member at Django, who receiv...
Python PyPi is going to cost money
Python Software Foundation is working on a paid version of PyPi, the official Python package repository. The organization confirmed the news in a job posting for two developers expected to create the paid system.
Currently, PyPi is free. Hundreds of thousands of Python developers use the reposit...
17 malicious packages found in Node.js Package Manager (NPM)
Another 17 malicious packages have been discovered in an open-source repository by researchers. In recent times, it has become clearer that these repositories can be, have been, and will continue to be used to spread malware.
The malicious code was found in NPM, where 11 million developers trade mo...
Sophisticated malware from PyPI was downloaded more than 41,000 times
PyPI, the open-source repository used by both large and small organizations to download code libraries, was hosting 11 malicious packages that were downloaded more than 41k times in one of the latest reports of an incident of this nature.
JFrog found the software supply chain risk. This security...
Half of Python Libraries in Package Index have security issues
Researchers in Finland have examined the open-source software libraries in the Python Package Index and found that it is riddled with security issues. The researchers found that PyPI, as it is popularly known, has potentially vulnerable code in nearly half the index.
The research was published i...
Oracle announces Java 15 on the language’s 25th birthday
Coming amid reports of declining popularity, the company's latest release is attempting to win back the hearts of developers worldwide.
Oracle announced on Tuesday the release of Oracle JDK 15, or simply Java 15. The new release marks 25 years since the programming language's debut.
"As Java ce...