PyPI

The Latest

Bybit Hack: $1.4B Stolen from World's 2nd Largest Crypto Exchange

Bybit Hack: $1.4B Stolen from World’s 2nd Largest Crypto Exchange

Leaked Files Tie Chinese Tech Firm to Gov’t Censorship and Private Clients

Leaked Files Tie Chinese Cybersecurity Firm to Government Censorship

New FrigidStealer Malware Infects macOS via Fake Browser Updates

New FrigidStealer Malware Infects macOS via Fake Browser Updates

Hackers Hide Malware in Fake DeepSeek PyPI Packages

Read More

2 minute read

Hackers Hide Malware in Fake DeepSeek PyPI Packages

Malicious DeepSeek packages on PyPI spread malware, stealing sensitive data like API keys. Learn how this attack targeted developers and how to protect yourself.

February 4, 2025

Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Found Stealing User Data

Read More

3 minute read

Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Found Stealing User Data

Fortinet discovers two malicious Python packages, Zebo-0.1.0 and Cometlogger-0.1, designed to steal data, capture keystrokes, and gain system control. Learn about their malicious behavior and how to protect yourself

December 24, 2024

ReversingLabs Research: Compromised Ultralytics PyPI Package Delivers Crypto Coinminer

Read More

3 minute read

Ultralytics AI Library with 60M Downloads Compromised for Cryptomining

Another day, another supply chain attack!

December 9, 2024

Fabrice Malware on PyPI Has Been Stealing AWS Credentials for 3 Years

Read More

4 minute read

Fabrice Malware on PyPI Has Been Stealing AWS Credentials for 3 Years

The malicious Python package “Fabrice” on PyPI mimics the “Fabric” library to steal AWS credentials, affecting thousands. Learn how…

November 7, 2024

New PyPI Malware Poses as Crypto Wallet Tools to Steal Private Keys

Read More

2 minute read

New PyPI Malware Poses as Crypto Wallet Tools to Steal Private Keys

Checkmarx researchers discovered PyPI malware posing as crypto wallet tools. These malicious packages stole private keys and recovery…

October 1, 2024

New Supply Chain Attack Revival Hijack Risks Massive PyPI Takeovers

Read More

3 minute read

New Supply Chain Attack “Revival Hijack” Risks Massive PyPI Takeovers

JFrog's cybersecurity researchers have identified a new PyPI attack technique called "Revival Hijack," which exploits package deletion policies. Over 22,000 packages are at risk, potentially impacting thousands of users. Stay informed!

September 5, 2024

Iraqi Hackers Exploit PyPI to Infiltrate Systems Through Python Packages

Read More

2 minute read

Iraqi Hackers Exploit PyPI to Infiltrate Systems Through Python Packages

Python packages are being used to steal data from developers and companies. Learn about the extensive cybercriminal operation…

July 16, 2024

PyPI Suspends New Projects and Users Due to Malicious Packages

Read More

3 minute read

PyPI Suspends New Projects and Users Due to Malicious Packages

Are you a Python developer? Here's what you need to know!

March 28, 2024

Crypto Stealing PyPI Malware Hits Both Windows and Linux Users

Read More

2 minute read

Crypto Stealing PyPI Malware Hits Both Windows and Linux Users

FortiGuard Labs’ latest research report reveals a concerning trend: threat actors are leveraging the Python Package Index (PyPI),…

January 28, 2024

OpenSSF Launches Malicious Packages Repository

Read More

4 minute read

Security

OpenSSF Launches Malicious Packages Repository

The launch of the Malicious Packages repository comes at a time when cyberattacks, leveraging malicious open source packages, are on the rise.

October 17, 2023