PyPI is the official Python Package Index that currently contains 500,972 projects, 5,228,535 million releases, 9,950,103 million files, and 770,841 users. PyPI helps users locate and install software ...

Security researchers at ReversingLabs have discovered a novel attack that used compiled Python code to evade detection. According to ReversingLabs reverse engineer Karlo Zanki, this could be the first ...

In a new twist on software supply chain attacks, researchers have discovered a Python package hiding malware inside of compiled code, allowing it to evade ordinary detection measures. On April 17, ...

A malicious Python Package Index (PyPI) package, dubbed “aiocpa” and engineered to steal cryptocurrency wallet data, has been uncovered by security researchers. The package posed as a legitimate ...

PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, ...

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three ...

A new report out today from Fortinet Inc.’s FortiGuard Labs is warning of two newly discovered malicious Python packages that pose a high risk of credential theft, data exfiltration and unauthorized ...

A known Chinese advanced persistent threat (APT) group known as Mustang Panda is the likely culprit behind a sophisticated, ongoing cyber-espionage campaign. It starts with a malicious email, and ...

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...