ZDNet

Twelve malicious Python libraries found and removed from PyPI

A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code. The 12 packages have been discovered in two separate ...
Bleeping Computer

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...
マイナビニュース

不正なPythonパッケージをPyPIに44個発見、利用の有無の確認を

Check Point Software Technologiesは6月16日(米国時間)、「PyPI Suspends New Registrations After Malicious Python Script Attack」において、PyPI (Python Package ...
LinkedIn

Malicious Python Packages on PyPI: A Critical Threat to Open-Source Security

The open-source software ecosystem has long been a foundation for innovation, collaboration, and rapid development. However, recent revelations have exposed a severe vulnerability in this ecosystem, ...
LinkedIn

Seven malicious packages on PyPI exploited Gmail’s SMTP protocol to run harmful commands."

These packages had over 55,000 downloads before removal. The main payload (Coffin-Codes-Pro) also sets up a WebSocket connection after the SMTP link is established. This forms the core C2 channel used ...
マイナビニュース

Python PyPIがフィッシング詐欺攻撃を受けている、ただちに確認を

The Hacker Newsは8月25日(米国時間)、「PyPI Repository Warns Python Project Maintainers About Ongoing Phishing Attacks」において、PyPI (Python Package ...
GitHub

readme_pypi_commands.txt

This readme is only for "contributors" of the project. You may use it as a guide in case you want to create variants of this tool on another PyPI or Test PyPI repository. But then you need to change ...