Bleeping Computer

PyPI packages caught stealing credit card numbers, Discord tokens

The Python Package Index (PyPI) registry has removed several Python packages this week aimed at stealing users' credit card numbers, Discord tokens, and granting code execution capabilities to ...
WeLiveSecurity

A pernicious potpourri of Python packages in PyPI

PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can appear ...
InfoWorld

PDM: A smarter way to manage Python packages

Modern Python developers use virtual environments (venvs), to keep their projects and dependencies separate. Managing project dependencies gets more complex as the number of dependencies grows.
Ars Technica

Latest attack on PyPI users shows crooks are only getting better

More than 400 malicious packages were recently uploaded to PyPI (Python Package Index), the official code repository for the Python programming language, in the latest indication that the targeting of ...