News

The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository, ESET research finds.
For the second time since March, a cybersecurity firm has discovered troubling malware packages uploaded to the Python Package Index platform.
Two malicious versions of two Python packages were introduced in the Python Package Index (PyPI) with the purpose of stealing SSH and GPG keys from Python developers' projects.
Although there is nothing special about code executing on a machine, when this code is executed is a significant detail from a security standpoint.
Over the weekend, an attacker uploaded thousands of malicious Python packages to the public PyPI (Python Package Index) software repository.
Python devs targeted with dangerous phishing attacks - here's how to stay safe
More popular npm packages hijacked to spread malware
Stealing browser data ...
Devs unknowingly use “malicious” modules snuck into official Python repository. Code packages available in PyPI contained modified installation scripts.
PyApp seems to be taking the Python world by storm, providing long-awaited click-and-run Python distribution. For developers ...
Microsoft harvested data about Python compatibility for libraries currently registered with PyPI (Python Package Index), the default repository for third-party Python libraries.