Six malicious packages on PyPI, the Python Package Index, were found installing information-stealing and RAT (remote access trojan) malware while using Cloudflare Tunnel to bypass firewall ...

A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system.

PyPI malware termncolor and colorinal downloaded 884 times exploit DLL side-loading, persistence, and C2 communication.

It's not hard to write a Python package that can be installed into an interpreter or virtual environment with pip. This video shows a simple example of how to lay out a project's source code and ...

Latest attack on PyPI users shows crooks are only getting better The code found in the malicious packages closely resembled legit offerings.

A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code.

The PyPI package flood is just the latest in a string of attacks on public repositories with the intent to plant malicious code.