News

Python devs targeted with dangerous phishing attacks - here's how to stay safe

Developers who published projects on PyPI with their email in package metadata are being targeted They are asked to "verify" ...

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing ...
WeLiveSecurity1y

A pernicious potpourri of Python packages in PyPI - WeLiveSecurity

Conclusion PyPI continues to be abused by cyberattackers to compromise Python programmers’ devices. This campaign displays a variety of techniques being used to include malware in Python packages.

Mitigating the risks of package hallucination and 'slopsquatting'

In 2024, cybersecurity experts started to warn of a new threat to the software supply chain. Named 'slopsquatting', it is a ...
How-To Geek on MSN4d

Python Beginner's Guide to Processing Data

The main reason to use Python is that you get a lot more options than what's included in most spreadsheets. Spreadsheets are ...
TechRadar1y

Malicious Python packages found stealing data - TechRadar

Pro Security Malicious Python packages found stealing data - here's how to stay safe News By Sead Fadilpašić published 5 October 2023 ...
CSOonline10mon

Fake recruitment campaign targets developers using trojanized Python ...

Using PYC files to hide malicious code Compared to the similar Node.js campaign reported by Securonix, in this case, attackers stored the malicious code in Python bytecode (PYC) files.
InfoWorld12d

Amp your Python superpowers with ‘uv run’

The uv utility lets you run Python packages and libraries with one command and no setup. Here's the quick guide to running Python packages without installing them.