The scanners tasked with weeding out malicious contributions to packages distributed via the popular open source code repository Python Package Index (PyPI) create a significant number of false alerts ...

Attackers continue to create fake Python packages and use rudimentary obfuscation techniques in an attempt to infect developers' systems with the W4SP Stealer, a Trojan designed to steal ...

Today, more than half of the world's developers rely on Python, a programming language that has become the foundation of modern AI and machine learning applications. As the popularity of Python has ...

A new malicious campaign has been found on the Python Package Index (PyPI) open-source repository involving 24 malicious packages that closely imitate three popular open-source tools: vConnector, ...

A new project from Anaconda delivers the Python runtime in a web page, via a single JS include, and with access to many popular Python packages. Anaconda, makers of the Python distribution for ...

Threat actors are utilizing an attack called "Revival Hijack," where they register new PyPi projects using the names of previously deleted packages to conduct supply chain attacks. The technique ...

Threat analysts have discovered ten malicious Python packages on the PyPI repository, used to infect developer's systems with password-stealing malware. The fake packages used typosquatting to ...

Python 3.14 was the star of the show in 2025, bringing official support for free-threaded builds, a new all-in-one installation manager for Windows, and subtler perks like the new template strings ...