针对PyPI维护者的钓鱼攻击与Python软件供应链安全防护机制研究

近年来,开源软件在现代软件开发中的基础性地位日益凸显。作为全球最广泛使用的编程语言之一,Python的包生态系统以Python Package Index(PyPI)为核心,承载了超过50万个公开项目和数百万开发者。然而,这一开放协作模式在提升开发效率的同时,也暴露出显著的安全隐患。2023年至2025年间,Python软件基金会(Python Software Foundation, PSF)多 ...
Bleeping Computer

Ten Malicious Libraries Found on PyPI - Python Package Index

The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI — Python Package Index — the official third-party software repository for the Python ...
CoinTelegraph

Crypto-stealing malware discovered in Python Package Index — Checkmarx

According to cybersecurity firm Hacken, financial losses from crypto hacks topped $440 million in the third quarter of 2024. Researchers at the Checkmarx cybersecurity firm sounded the alarm on a ...