News

A new malicious campaign has been found on the Python Package Index (PyPI) open-source repository involving 24 malicious packages that closely imitate three popular open-source tools: vConnector, ...
The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking ...
Over the weekend, an attacker has been uploading thousands of malicious Python packages to the public PyPI (Python Package Index) software repository.
Devs unknowingly use “malicious” modules snuck into official Python repository. Code packages available in PyPI contained modified installation scripts.
All-in-one Python project management tool written in Rust aims to replace pip, venv, and more. Here's a first look.