IEEE

A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI

Abstract: Different security issues are a common problem for open source packages archived to and delivered through software ecosystems. These often manifest themselves as software weaknesses that may ...
The Record

Malicious Python packages caught stealing Discord tokens, installing shells

The operators of the Python Package Index (PyPI) have removed this week 11 Python libraries from their portal for various malicious behaviors, including the collection and theft of user data, ...
Hacker

Custom Python PyPI repository

Python downloads its dependencies from PyPI repositories by default. It contains latest versions (can be stable or not) and various amount of packages. We’re good right? So, whats the need of custom ...
The Record

Python team fixes bug that allowed takeover of PyPI repository

The Python security team has fixed today three vulnerabilities impacting the Python Package Index (PyPI), the official repository for Python libraries, including one that could have allowed a threat ...
Cyber Defense Magazine

GitGuardian Researchers Find Thousands of Leaked Secrets in PyPI (Python Package Index) Packages

The modern world of DevOps means relying on our code connecting to outside services and components imported at run time. All of this access is predicated on secrets, the credentials such as API keys ...
Infosecurity-magazine.com

Malicious PyPI Packages Use Compiled Python Code to Bypass Detection

Security researchers at ReversingLabs have discovered a novel attack that used compiled Python code to evade detection. According to ReversingLabs reverse engineer Karlo Zanki, this could be the first ...