According to ReversingLabs' 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in ...

The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository, ESET research finds.

Libraries are collections of shared code. They're common in Python, where they're also called "modules," but they're also ...

The official Python software package repository PyPI is under attack from threat actors that have begun flooding it with spam packages according to a new report from BleepingComputer. These spam ...

The method introduces another supply chain vulnerability for the future, as most security tools solely scan Python source code (PY) files, making them susceptible to missing such attacks. Zanki said ...

Although there is nothing special about code executing on a machine, when this code is executed is a significant detail from a security standpoint.

Devs unknowingly use “malicious” modules snuck into official Python repository Code packages available in PyPI contained modified installation scripts.

Nir Cohen describes Wagon, which takes Python wheels, packages them together, adds metadata, and allows for offline extraction and installation.