According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram ...
Every Python developer knows some or all of these libraries, because they’re stable, reliable, and excellent at what they do.
Vienna, Austria, June 25, 2026 — digna, the European data quality and observability platform, today announced the release of digna 2026.06, introducing a new Python SDK and Docker deployment support ...
Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...
Abstract: The rapid growth of open-source ecosystems such as PyPI has significantly increased the risk of malicious packages infiltrating and affecting the software supply chains. Attackers often ...
On May 11, 2026, a self-replicating worm called Mini Shai-Hulud quietly slipped into 42 widely used TanStack open-source packages, corrupting 84 npm artifacts before anyone noticed. Within hours, the ...
Any development environment that installed or imported one of the 172 compromised npm or PyPI packages published since May 11 should be treated as potentially compromised. On affected developer ...
With the acceptance of PEP 783, package maintainers can now build and publish Pyodide-compatible wheels (using the pyemscripten platform tag) directly to PyPI. We encourage package maintainers to ...
QR codes that were once seen as a convenient shortcut for checking menus or paying bills have increasingly been turned into weapons. Fake delivery texts, counterfeit payment links and malicious codes ...