PyPI

2 minute read

Google Says Hackers Used AI to Develop a Zero-Day Exploit

Google researchers say hackers used AI to develop zero-day exploits, Android backdoors, and automated supply chain attacks targeting GitHub and PyPI.

byDeeba Ahmed

May 11, 2026

2 minute read

PSF Warns of Fake PyPI Login Site Stealing User Credentials

The Python Software Foundation (PSF) warns developers of phishing emails leading to a fake PyPI login site designed to steal account credentials.

byWaqas

September 24, 2025

China-Linked AI Pentest Tool 'Villager' Raises Concern After 10K Downloads

3 minute read

Security

China-Linked AI Pentest Tool ‘Villager’ Raises Concern After 10K Downloads

China-linked AI tool Villager, published on PyPI, automates cyberattacks and has got experts worried after 10,000 downloads in…

byWaqas

September 15, 2025

GhostAction Attack Steals 3,325 Secrets from GitHub Projects

2 minute read

Security

GhostAction Attack Steals 3,325 Secrets from GitHub Projects

GhostAction supply chain attack hit 817 GitHub repositories, stealing 3,325 secrets including npm, PyPI, and DockerHub tokens.

byWaqas

September 6, 2025

2 minute read

Backdoors in Python and NPM Packages Target Windows and Linux

Checkmarx uncovers cross-ecosystem attack: fake Python and NPM packages plant backdoor on Windows and Linux, enabling data theft plus remote control.

byDeeba Ahmed

June 2, 2025

2 minute read

Malware Hidden in AI Models on PyPI Targets Alibaba AI Labs Users

ReversingLabs discovers new malware hidden inside AI/ML models on PyPI, targeting Alibaba AI Labs users. Learn how attackers…

byDeeba Ahmed

May 28, 2025

2 minute read

Hackers Hide Malware in Fake DeepSeek PyPI Packages

Malicious DeepSeek packages on PyPI spread malware, stealing sensitive data like API keys. Learn how this attack targeted developers and how to protect yourself.

byWaqas

February 4, 2025

3 minute read

Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Found Stealing User Data

Fortinet discovers two malicious Python packages, Zebo-0.1.0 and Cometlogger-0.1, designed to steal data, capture keystrokes, and gain system control. Learn about their malicious behavior and how to protect yourself

byDeeba Ahmed

December 24, 2024

ReversingLabs Research: Compromised Ultralytics PyPI Package Delivers Crypto Coinminer

3 minute read

Ultralytics AI Library with 60M Downloads Compromised for Cryptomining

Another day, another supply chain attack!

byDeeba Ahmed

December 9, 2024

4 minute read

Fabrice Malware on PyPI Has Been Stealing AWS Credentials for 3 Years

The malicious Python package “Fabrice” on PyPI mimics the “Fabric” library to steal AWS credentials, affecting thousands. Learn how…

byWaqas

November 7, 2024

The Latest

Canvas Hackers ShinyHunters Say Their Official Domain Was Suspended

Fake Claude Code Installer Targets Developers With Browser Credential Stealer

Pwn2Own Berlin 2026 Hits Capacity as Rejected Hackers Release 0-Days

Top Video Downloaders in 2026: Why Wondershare UniConverter Remains a Strong Choice

PyPI

Google Says Hackers Used AI to Develop a Zero-Day Exploit

PSF Warns of Fake PyPI Login Site Stealing User Credentials

China-Linked AI Pentest Tool ‘Villager’ Raises Concern After 10K Downloads

GhostAction Attack Steals 3,325 Secrets from GitHub Projects

Backdoors in Python and NPM Packages Target Windows and Linux

Malware Hidden in AI Models on PyPI Targets Alibaba AI Labs Users

Hackers Hide Malware in Fake DeepSeek PyPI Packages

Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Found Stealing User Data

Ultralytics AI Library with 60M Downloads Compromised for Cryptomining

Fabrice Malware on PyPI Has Been Stealing AWS Credentials for 3 Years

Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program

LuxSci Launches Enterprise-Grade HIPAA-Compliant Email Security for Mid-Sized Healthcare Organizations

Criminal IP and Securonix ThreatQ Collaborate to Enhance Threat Intelligence Operations

Brinker Introduces a Novel Approach to Deepfake Detection

BreachLock Named Representative Vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation