Ars Technica

PyPI halted new users and projects while it fended off supply-chain attack

PyPI, a vital repository for open source developers, temporarily halted new project creation and new user registration following an onslaught of package uploads that executed malicious code on any ...
Bleeping Computer

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...
マイナビニュース

マルウェアを含む悪意あるパッケージの概要

ESETによるとこれら悪意のあるパッケージは合計1万回以上ダウンロードされており、2023年5月以降は平均して約80回/日の ...