Hackaday

When Good Software Goes Bad: Malware In Open Source

Open Source software is always trustworthy, right? [Bertus] broke a story about a malicious Python package called “Colourama”. When used, it secretly installs a VBscript that watches the system ...
ZDNet

Twelve malicious Python libraries found and removed from PyPI

A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code. The 12 packages have been discovered in two separate ...
Dark Reading

GitHub Developers Hit in Complex Supply Chain Cyberattack

An unidentified group of threat actors orchestrated a sophisticated supply chain cyberattack on members of the Top.gg GitHub organization as well as individual developers in order to inject malicious ...
Hosted on MSN

Misspelled a site's name? Cybercriminals are exploiting this to infect your computer with malware - here's how to stay safe

A single typo could let hackers hijack your system using malware hidden in fake packages Cross-platform malware now fools even experienced developers by mimicking trusted open source package names ...
Ars Technica

PyPI halted new users and projects while it fended off supply-chain attack

PyPI, a vital repository for open source developers, temporarily halted new project creation and new user registration following an onslaught of package uploads that executed malicious code on any ...
InfoWorld

24 Python libraries for every Python developer

Web apps, web crawling, database access, GUI creation, parsing, image processing, and lots more—these handy tools have you covered Want a good reason for the smashing success of the Python programming ...