Bleeping Computer

PyPI mandates 2FA for critical projects, developer pushes back

On Friday, the Python Package Index (PyPI), the official repository of third-party open-source Python projects announced plans to mandate two-factor authentication requirement for maintainers of ...
Dark Reading

Malicious Python Repository Package Drops Cobalt Strike on Windows, macOS & Linux Systems

Public repositories of open source code are a critical part of the software supply chain that many organizations use to build applications. They are therefore an attractive target for adversaries ...
Bleeping Computer

PyPI adds project archiving system to stop malicious updates

The Python Package Index (PyPI) has announced the introduction of ‘Project Archival,’ a new system that allows publishers to archive their projects, indicating to the users that no updates are to be ...
InfoWorld

How to manage Python projects with Poetry

Poetry takes a unique approach to managing Python project dependencies and virtual environments. Here’s everything you need to get started with Poetry today. There should be one—and preferably only ...
InfoWorld

3 takeaways from the Ultralytics AI Python library hack

When attackers compromised Ultralytics YOLO, a popular real-time object detection machine-learning package for Python, most assumed the Python Package Index, or PyPI, must be the point of failure.
Hackaday

A Hacker-Friendly Software Package For Your Next AI Project

If you’re interested in using Large Language Models (LLM) in a project, but aren’t plugged directly into the fast-developing world of artificial intelligence (AI), knowing what tool or software to use ...
Neowin

Package Analysis Project: Google will help detect malicious open source packages

Google has pledged support for OpenSSF's Package Analysis Project for open source packages uploaded to popular repositories. It has also published the results which paint a rather interesting picture.