WeLiveSecurity

A pernicious potpourri of Python packages in PyPI

PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can appear ...
Bleeping Computer

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...
InfoWorld

Creating a pip install-able Python package

It's not hard to write a Python package that can be installed into an interpreter or virtual environment with pip. This video shows a simple example of how to lay out a project's source code and set ...
Infosecurity-magazine.com

New Malware on PyPI Poses Threat to Open-Source Developers

A newly uncovered malicious package on the Python Package Index (PyPI) has raised fresh concerns about the security of open source software repositories. The package, named “dbgpkg,” was discovered by ...