The New York Times

YouTube TV to launch a new sports package next year

YouTube TV is attempting to make watching sports easier and cheaper. Chris McGrath / Getty Images YouTube TV will launch 10 genre-specific packages, including a YouTube TV Sports Plan in early 2026, ...
bitnewsbot

Malicious PyPI Packages Uncovered: Supply Chain Risk for Python

Cybersecurity researchers have found harmful software in the official Python Package Index (PyPI) and npm package repositories, putting software supply chains at risk. The packages, called termncolor ...
Bleeping Computer

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...
CSOonline

Malicious PyPI package targets Chimera users to steal AWS tokens, CI/CD secrets

“Chimera-sandbox-extensions” exploit highlights rising risks of open-source package abuse, prompting calls for stricter dependency controls and DGA malware detection. A malicious Python package posing ...
Developer Tech

Python package ‘set-utils’ targets Ethereum wallets

A malicious package designed to steal private keys for Ethereum wallets has been uncovered within the Python Package Index (PyPI). According to Socket, this package – named ‘set-utils’ – masquerades ...
SecurityWeek

Developers Targeted With Malware Disguised as DeepSeek Package

Threat researchers have come across two malicious Python packages offered as resources for integrating the Chinese AI model DeepSeek into software projects. The malicious packages, named ‘deepseeek’ ...
Dark Reading

AI Malware Dressed Up as DeepSeek Packages Lurk in PyPi

Researchers have found malicious DeepSeek-impersonating packages planted in the Python Package Index (PyPi); the code is actually loaded with infostealers. Experts warn that's probably not the only ...
Bleeping Computer

Malicious PyPi package steals Discord auth tokens from devs

A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. The ...
GitHub

Template for creating PyPI hosted python packages

Pytest has been chosen for unit testing based on its scalability and flexability for different applications - see here for more: https://builtin.com/data-science ...
InfoWorld

3 takeaways from the Ultralytics AI Python library hack

When attackers compromised Ultralytics YOLO, a popular real-time object detection machine-learning package for Python, most assumed the Python Package Index, or PyPI, must be the point of failure.
IEEE

1+1>2: Integrating Deep Code Behaviors with Metadata Features for Malicious PyPI Package ...

Abstract: PyPI, the official package registry for Python, has seen a surge in the number of malicious package uploads in recent years. Prior studies have demonstrated the effectiveness of ...
The Hacker News

PyPI Python Library "aiocpa" Found Exfiltrating Crypto Keys via Telegram Bot

The administrators of the Python Package Index (PyPI) repository have quarantined the package "aiocpa" following a new update that included malicious code to exfiltrate private keys via Telegram. By ...