Bleeping Computer

PyPI suspends new user registration to block malware campaign

The Python Package Index (PyPI) has temporarily suspended user registration and the creation of new projects to deal with an ongoing malware campaign. PyPI is an index for Python projects that helps ...
Ars Technica

Actors behind PyPI supply chain attack have been active since late 2021

Awesome. Just when I was making headway on getting my organization to consider using the powerful open source data science and analysis tools in the Python ecosystem... This is why we can't have nice ...
Bleeping Computer

PyPI now blocks domain resurrection attacks used for hijacking accounts

The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets. PyPI is the official repository for ...
Dark Reading

PyPI Shuts Down Over the Weekend, Says Incident Was Overblown

Following a temporary suspension of all new users and package uploads, the Python Package Index (PyPI) repository is back up and running. Many noted that the culprit was the flooding of the site with ...
Dark Reading

PyPI's 2FA Requirements Don't Go Far Enough, Researchers Say

The official open source code repository for the Python programming language, the Python Package Index (PyPI), will require all user accounts to enable two-factor ...
Ars Technica

More malicious packages posted to online repository. This time it’s PyPI

Researchers have uncovered yet another supply chain attack targeting an open source code repository, showing that the technique, which has gained wide use in the past few years, isn’t going away any ...
Computer Weekly

PyPI loophole puts thousands of packages at risk of compromise

Thousands of applications that have taken advantage of open source Python Package Index (PyPI) software packages may be at risk of hijacking and subversion by malicious actors, opening up the ...