Hosted on MSN

Top open source PyPI package with over 1 million downloads each month hacked to send out malware

A widely used PyPI package was recently compromised through a malicious update The attack leveraged a GitHub Actions workflow to push infostealer code into a release Maintainers quickly issued a clean ...