The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.
Oak Ridge National Lab

Equilipy: a python package for calculating phase equilibria

The CALPHAD (CALculation of PHAse Diagram) approach provides predictions for thermodynamically stable phases in multicomponent-multiphase materials across a wide range of temperatures. Consequently, ...
PC Gamer

The Python Software Foundation has turned down a $1.5 million US government grant amid ethical concerns

VR Cyberpunk 2077 VR mod disappears after mod maker decides he'd rather take it down than make it free AI Here we go: OpenAI CEO Sam Altman once called it a 'last resort', but ChatGPT is about to get ...
Bleeping Computer

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...
The Hacker News

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach reports, expert analysis, and actionable insights for infosec professionals and ...
Developer Tech

Python package ‘set-utils’ targets Ethereum wallets

A malicious package designed to steal private keys for Ethereum wallets has been uncovered within the Python Package Index (PyPI). According to Socket, this package – named ‘set-utils’ – masquerades ...
Geeky Gadgets

MicroPython Package Installer for Arduino : Simplifying Library Management

Managing libraries for Arduino boards has traditionally been a time-consuming and error-prone process. Developers often had to manually search for, download, and configure libraries, which could be ...
Bleeping Computer

Malicious PyPi package steals Discord auth tokens from devs

A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. The ...
The Economist

Off the Charts newsletter: Why Python is the best coding language for data journalism

This article is adapted from an edition of our Off the Charts newsletter originally published in October 2021. Off the Charts is a weekly, subscriber-only guide to The Economist’s award-winning data ...
InfoWorld

3 takeaways from the Ultralytics AI Python library hack

When attackers compromised Ultralytics YOLO, a popular real-time object detection machine-learning package for Python, most assumed the Python Package Index, or PyPI, must be the point of failure.
CoinTelegraph

Crypto-stealing malware discovered in Python Package Index — Checkmarx

According to cybersecurity firm Hacken, financial losses from crypto hacks topped $440 million in the third quarter of 2024. Researchers at the Checkmarx cybersecurity firm sounded the alarm on a ...