Bleeping Computer

Malicious ‘Lolip0p’ PyPi packages install info-stealing malware

A threat actor has uploaded to the PyPI (Python Package Index) repository three malicious packages that carry code to drop info-stealing malware on developers' systems. The malicious packages, ...
マイナビニュース

PyPIユーザー狙うサイバー攻撃、インストールするだけでマルウェア ...

Phylumはこのほど、「A Deep Dive Into poweRAT: a Newly Discovered Stealer/RAT Combo Polluting PyPI」において、PyPI (Python Package Index)ユーザーに対して行われたマルウェアキャンペーンを発見したと伝えた。開発者のシステムに情報窃取を行うマルウェアを展開する6つの悪意の ...
マイナビニュース

不正なPythonパッケージをPyPIに44個発見、利用の有無の確認を

Check Point Software Technologiesは6月16日(米国時間)、「PyPI Suspends New Registrations After Malicious Python Script Attack」において、PyPI (Python Package ...
Morning Overview on MSN

Three separate supply-chain attacks hit npm, PyPI, and Docker Hub within 48 hours — all ...

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...
ZDNet

Twelve malicious Python libraries found and removed from PyPI

A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code. The 12 packages have been discovered in two separate ...
Bleeping Computer

PyPI urges users to reset credentials after new phishing attacks

The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the default ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...