Open source malware surged 73% in 2025, with npm as a key target with rising risks in software supply chains and developer environments.

A report from ReversingLabs reveals a massive 73% increase in malicious open-source packages in 2025, with over 10,000 ...

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.

VR Cyberpunk 2077 VR mod disappears after mod maker decides he'd rather take it down than make it free AI Here we go: OpenAI CEO Sam Altman once called it a 'last resort', but ChatGPT is about to get ...

Recently, we wrote a detailed tutorial on how to build your own AI chatbot with ChatGPT API. And for that project, we used Python and Pip to run several essential libraries. So if you are also getting ...

The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the default ...

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach reports, expert analysis, and actionable insights for infosec professionals and ...

This article is adapted from an edition of our Off the Charts newsletter originally published in October 2021. Off the Charts is a weekly, subscriber-only guide to The Economist’s award-winning data ...

When attackers compromised Ultralytics YOLO, a popular real-time object detection machine-learning package for Python, most assumed the Python Package Index, or PyPI, must be the point of failure.