Following a temporary suspension of all new users and package uploads, the Python Package Index (PyPI) repository is back up and running. Many noted that the culprit was the flooding of the site with ...

A malicious Python Package Index (PyPI) package, dubbed “aiocpa” and engineered to steal cryptocurrency wallet data, has been uncovered by security researchers. The package posed as a legitimate ...

The Python Package Index (PyPI) has announced the introduction of ‘Project Archival,’ a new system that allows publishers to archive their projects, indicating to the users that no updates are to be ...

A new software supply chain attack is being exploited in the wild, according to security researchers. The technique targets Python applications distributed via the Python Package Index, or PyPI.

Security researchers have identified a previously unknown group dubbed "JuiceLedger" as the threat actor behind a recent and first-known phishing campaign specifically targeting users of the Python ...

The Python Package Index (PyPI) has announced that it will require every account that manages a project on the platform to have two-factor authentication (2FA) turned on by the end of the year. PyPI ...

The PyPI package flood is just the latest in a string of attacks on public repositories with the intent to plant malicious code. Over the weekend an attacker has been uploading thousands of malicious ...

The administrators of the Python Package Index (PyPI) have begun an effort to improve the hundreds of thousands of software packages that are listed. The attempt, which began earlier last year, is to ...

The Python Software Foundation has rejected a $1.5 million government grant because of anti-DEI requirements imposed by the ...