PyPI is the official Python Package Index that currently contains 500,972 projects, 5,228,535 million releases, 9,950,103 million files, and 770,841 users. PyPI helps users locate and install software ...

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.

The open-source libraries were created by Salesforce, Nvidia, and Apple with a Swiss group Vulnerabilities in popular AI and ML Python libraries used in Hugging Face models with tens of millions of ...

A malicious Python Package Index (PyPI) package, dubbed “aiocpa” and engineered to steal cryptocurrency wallet data, has been uncovered by security researchers. The package posed as a legitimate ...

The bugs have been fixed, so users should patch now, experts warn.

A malicious package recently uploaded to the Python Package Index (PyPI) is the latest manifestation of the growing sophistication of software supply chain threats. Security researchers at JFrog ...

Fake Alibaba Labs AI SDKs hosted on PyPI included PyTorch models with infostealer code inside. With support for detecting malicious code inside ML models lacking, expect the technique to spread.

The phishing campaign shows how attackers continue to weaponize legitimate cloud services and open source tools to evade detection and gain trust.

A platform called Top.gg that’s used to publish bots for the popular Discord chat app recently had one of its GitHub repositories poisoned with malicious code as part of a larger software supply chain ...

Thanks to a combination of sophisticated methodology and social engineering, this particular attack seems to be very difficult to stop. When you purchase through links on our site, we may earn an ...

GitHub projects have been targeted with malicious commits and pull requests, in an attempt to inject backdoors into these projects. Most recently, the GitHub repository of Exo Labs, an AI and machine ...