Old Python package comes back to life and delivers malicious payload Your email has been sent A recently spotted supply chain attack abused an old but legitimate Python package to deliver a malicious ...

Although there is nothing special about code executing on a machine, the moment when this code is executed is a significant detail from a security standpoint. The Python programming language allows ...

A single line of Python code was all it took. Developers who ran import lightning after installing versions 2.6.2 or 2.6.3 of ...

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

This was not a case of stolen credentials, but rather of vulnerability exploitation.

ZiChatBot malware spread via 3 PyPI packages in July 2025 uses Zulip APIs as C2, enabling stealthy attacks across systems ...

Public repositories of open source code are a critical part of the software supply chain that many organizations use to build applications. They are therefore an attractive target for adversaries ...

Python falls short in a few areas. For instance, Python isn’t the fastest language around, but third-party libraries like NumPy let you work around that. Where Python is most deficient, though, is ...

A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code. The 12 packages have been discovered in two separate ...