The Hacker News

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.
The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.
Oak Ridge National Lab

Equilipy: a python package for calculating phase equilibria

The CALPHAD (CALculation of PHAse Diagram) approach provides predictions for thermodynamically stable phases in multicomponent-multiphase materials across a wide range of temperatures. Consequently, ...
PC Gamer

The Python Software Foundation has turned down a $1.5 million US government grant amid ethical concerns

AI A professor lost two years of 'carefully structured academic work' in ChatGPT because of a single setting change: 'These tools were not developed with academic standards of reliability in mind' ...
Bleeping Computer

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...
Dark Reading

Malicious Chimera Turns Larcenous on Python Package Index

A malicious package recently uploaded to the Python Package Index (PyPI) is the latest manifestation of the growing sophistication of software supply chain threats. Security researchers at JFrog ...
SecurityWeek

Developers Targeted With Malware Disguised as DeepSeek Package

Threat researchers have come across two malicious Python packages offered as resources for integrating the Chinese AI model DeepSeek into software projects. The malicious packages, named ‘deepseeek’ ...
CSOonline

Python administrator moves to improve software security

The administrators of the Python Package Index (PyPI) have begun an effort to improve the hundreds of thousands of software packages that are listed. The attempt, which began earlier last year, is to ...
Geeky Gadgets

MicroPython Package Installer for Arduino : Simplifying Library Management

Managing libraries for Arduino boards has traditionally been a time-consuming and error-prone process. Developers often had to manually search for, download, and configure libraries, which could be ...
Bleeping Computer

Malicious PyPi package steals Discord auth tokens from devs

A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. The ...
The Economist

Off the Charts newsletter: Why Python is the best coding language for data journalism

This article is adapted from an edition of our Off the Charts newsletter originally published in October 2021. Off the Charts is a weekly, subscriber-only guide to The Economist’s award-winning data ...
InfoWorld

3 takeaways from the Ultralytics AI Python library hack

When attackers compromised Ultralytics YOLO, a popular real-time object detection machine-learning package for Python, most assumed the Python Package Index, or PyPI, must be the point of failure.