Furthermore, this package doesn’t even try to hide its true intentions, and instead is “openly malicious”. Despite being obvious malware, it still managed to rake in 37,217 downloads.

It comes pre-installed in the majority of the Python versions such as Python 3.4 and later & Python 2.7.9 and later. So, if someday, you want to uninstall the Python package and its dependencies ...

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website.

German software company PVRadar Labs has released a Python programming package for solar asset owners and engineers that want to build site-specific models. July 10, 2025 Valerie Thompson ...

Python virtual environments shine for keeping projects and conflicting packages separate. Just keep these dos and don’ts in mind.

Placing malicious code in 'setup.py,' however, will allow malware to be installed and unnoticed even if the package, or Python itself, is not used at all.

A recently spotted supply chain attack abused an old but legitimate Python package to deliver a malicious payload. Read more on how the attacker managed to do it and how to protect yourself from it.

The 12 packages have been discovered in two separate scans by a security engineer who goes online by the name of Bertus, and have long been removed from PyPI before this article's publication.

All-in-one Python project management tool written in Rust aims to replace pip, venv, and more. Here's a first look.