With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...

A single developer. One poisoned extension. Five supply chain surfaces compromised in 48 hours. And a threat group claiming ...

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that compromised LiteLLM, a widely used open-source Python ...

Lazarus Group evolving Operation Dream Job campaign to target Web3 developers New “Graphalgo” variant uses malicious dependencies in legitimate bare-bone projects on PyPI/npm ReversingLabs found ~200 ...

Check if there are potential typosquatters on a package you care about. Check if there are potential typosquatters on the most downloaded PyPI packages. Check if packages newly added to PyPI are ...

The Python Software Foundation has rejected a $1.5 million government grant because of anti-DEI requirements imposed by the Trump administration, the nonprofit said in a blog post yesterday. The grant ...

A new class of supply chain attacks named 'slopsquatting' has emerged from the increased use of generative AI tools for coding and the model's tendency to "hallucinate" non-existent package names. The ...

Researchers found three malicious PyPI packages, two targeting bitcoin developers, and one WooCommerce stores Two are designed to steal data, and the third to test for valid credit cards All three ...

Installing Python and related applications on a system without a network connection isn’t easy, but you can do it. Here’s how. The vast majority of modern software development revolves around one big ...