North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and ...

dYdX has been targeted by bad actors using malicious packages to empty its user wallets.

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.

A report from ReversingLabs reveals a massive 73% increase in malicious open-source packages in 2025, with over 10,000 ...

The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the default ...

I noticed some time ago that the releases of datafusion-python and the core/rust project are no longer in sync. Pypi version is at v48.0.0, while Rust/crates version is at v49.0.1. Is this a planned ...

Cybersecurity researchers have found harmful software in the official Python Package Index (PyPI) and npm package repositories, putting software supply chains at risk. The packages, called termncolor ...

A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three ...

This article is adapted from an edition of our Off the Charts newsletter originally published in October 2021. Off the Charts is a weekly, subscriber-only guide to The Economist’s award-winning data ...

When attackers compromised Ultralytics YOLO, a popular real-time object detection machine-learning package for Python, most assumed the Python Package Index, or PyPI, must be the point of failure.

It's not hard to write a Python package that can be installed into an interpreter or virtual environment with pip. This video shows a simple example of how to lay out a project's source code and set ...