ZDNet

Developers, watch your code: Official Python repository spread malicious projects

PyPI is the official Python Package Index that currently contains 500,972 projects, 5,228,535 million releases, 9,950,103 million files, and 770,841 users. PyPI helps users locate and install software ...

Exclusive: Chainguard extends Repository scanning and policies to Java, Python and containers

Secure software supply chain solution provider Chainguard Inc. today expanded its Chainguard Repository product with malware ...
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
Ars Technica

Devs unknowingly use “malicious” modules snuck into official Python repository

The official repository for the widely used Python programming language has been tainted with modified code packages, a computer security authority in Slovakia warned. The authority also said the ...
Dark Reading

'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows

By targeting the automated workflows around repositories with targeted pull requests, attackers can potentially target ...
Dark Reading

'Blatantly Obvious': Spyware Offered to Cyberattackers via PyPI Python Repository

Researchers have discovered malware peddlers advertising an info-stealer out in the open on the Python Package Index (PyPI) — the official, public repository for the Python programming language — with ...
Ars Technica

10 malicious Python packages exposed in latest repository attack

I would really appreciate if some companies worked together to curate a repository of the most often used packages. We are using open source software in our company, yet instead of paying a security ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
TechRadar

Credit card-stealing malware found in official Python repository

Cybersecurity researchers have once again found malicious packages lurking in Python’s official repository, PyPI. According to estimates from the security research team at DevOps specialists JFrog, ...