Bleeping Computer

PyPI temporarily pauses new users, projects amid high volume of malware

PyPI, the official third-party registry of open source Python packages has temporarily suspended new users from signing up, and new projects from being uploaded to the platform until further notice.
Bleeping Computer

Spammers flood PyPI with pirated movie links and bogus packages

The official Python software package repository, PyPI, is getting flooded with spam packages, as seen by BleepingComputer. These packages are named after different movies in a style that is commonly ...
Ars Technica

Malware downloaded from PyPI 41,000 times was surprisingly stealthy

PyPI—the open source repository that both large and small organizations use to download code libraries—was hosting 11 malicious packages that were downloaded more than 41,000 times in one of the ...
Computer Weekly

PyPI loophole puts thousands of packages at risk of compromise

Thousands of applications that have taken advantage of open source Python Package Index (PyPI) software packages may be at risk of hijacking and subversion by malicious actors, opening up the ...
Ars Technica

Ahoy, there’s malice in your repos—PyPI is the latest to be abused

Counterfeit packages downloaded roughly 5,000 times from the official Python repository contained secret code that installed cryptomining software on infected machines, a security researcher has found ...