Bleeping Computer

PyPI package 'keep' mistakenly included a password stealer

PyPI packages 'keep,' 'pyanxdns,' 'api-res-py' were found to be containing a backdoor due to the presence of malicious 'request' dependency within some versions. For example, while most versions of ...
TechRadar

Malicious Python packages are stealing vital data, and have been downloaded thousands of times already

Researchers found three malicious PyPI packages, two targeting bitcoin developers, and one WooCommerce stores Two are designed to steal data, and the third to test for valid credit cards All three ...
InfoWorld

Creating a pip install-able Python package

Overview It's not hard to write a Python package that can be installed into an interpreter or virtual environment with pip. This video shows a simple example of how to lay out a project's source code ...
Dark Reading

Malicious Python Package Relies on Steganography to Download Malware

Check Point Research has detected a malicious open source code package that uses steganography to hide malicious code inside image files. The malicious package was available on PyPI, a package index ...
Dark Reading

Whack-a-Mole: More Malicious PyPI Packages Spring Up Targeting Discord, Roblox

Just a week after 10 malicious software packages were found nesting in the Python Package Index (PyPI) repository, several more have come to light, uncovered by different firms. It's becoming a bit of ...
Security Boulevard

Arcjet Python SDK Sinks Teeth Into Application-Layer Security

A new Arcjet SDK lets Python teams embed bot protection, rate limiting, and abuse prevention directly into application code.