News

PyPI invalidates tokens stolen in GhostAction supply chain attack

The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early ...
How-To Geek on MSN

Python Package Index Responds to Malware Attack by Invalidating Tokens

The Python Package Index (PyPI), run by the Python Software Foundation, has officially invalidated all the publishing tokens that were stolen in the GhostAction supply chain attack that happened ...
The Hacker News

SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers

Zscaler reveals SilentSync remote access trojan hidden in two malicious PyPI Python packages, risking browser data theft and ...
Bleeping Computer

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...
Infosecurity Magazine

Chinese AI Villager Pen Testing Tool Hits 11,000 PyPI Downloads

AI-native Villager, which automates Kali and DeepSeek penetration tests, has reached 11,000 PyPI downloads fueling dual-use ...