SecurityWeek

PyPI Warns Users of Fresh Phishing Campaign

PyPI, the default platform for Python's package management tools, is warning users of a fresh phishing campaign.

New string of phishing attacks targets Python developers

If you recently got an email asking you to verify your credentials to a PyPI site, better change that password ...

PyPI invalidates tokens stolen in GhostAction supply chain attack

The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early ...
InfoWorld

Project promises packaging panacea for Python

Pipenv, a brand-new experimental tool, is offered as a packaging panacea for Python developers. Developed over last weekend, the tool is intended to bring the “best of all packaging worlds” to Python, ...
The Hacker News

SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers

Zscaler reveals SilentSync remote access trojan hidden in two malicious PyPI Python packages, risking browser data theft and multi-OS compromise.
ZDNet

Twelve malicious Python libraries found and removed from PyPI

A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code. The 12 packages have been discovered in two separate ...
InfoWorld

Python virtualenv and venv dos and don’ts

Python virtual environments shine for keeping projects and conflicting packages separate. Just keep these dos and don’ts in mind. One of Python’s biggest draws is its expansive ecosystem of ...