Dark Reading

One-Third of Popular PyPI Packages Mistakenly Flagged as Malicious

The scanners tasked with weeding out malicious contributions to packages distributed via the popular open source code repository Python Package Index (PyPI) create a significant number of false alerts ...
Dark Reading

W4SP Stealer Stings Python Developers in Supply Chain Attack

Attackers continue to create fake Python packages and use rudimentary obfuscation techniques in an attempt to infect developers' systems with the W4SP Stealer, a Trojan designed to steal ...
Bleeping Computer

Popular Python and PHP libraries hijacked to steal AWS keys

PyPI module 'ctx' that gets downloaded over 20,000 times a week has been compromised in a software supply chain attack with malicious versions stealing the developer's environment variables. The ...
InfoWorld

PyScript brings Python into the browser, more easily than ever

A new project from Anaconda delivers the Python runtime in a web page, via a single JS include, and with access to many popular Python packages. Anaconda, makers of the Python distribution for ...
InfoWorld

Reader picks: The most popular Python stories of 2025

Python 3.14 was the star of the show in 2025, bringing official support for free-threaded builds, a new all-in-one installation manager for Windows, and subtler perks like the new template strings ...
The Victoria Advocate

Introducing Chainguard Libraries for Python: Malware-Resistant Dependencies Built Entirely ...

Notable malware attacks against popular Python packages like Ultralytics and PyTorch TorchTriton have shaken the community and demonstrated the risk of relying on traditional mechanisms (e.g., public ...