Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...

Use Python to make your data visualizations stand out.

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...

Morgan is a PyPI mirror for restricted/offline networks/environments, where access to the Internet is not available. It allows creating small mirrors that can be used by multiple "client" Python ...

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that compromised LiteLLM, a widely used open-source Python ...

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach ...

Lazarus Group evolving Operation Dream Job campaign to target Web3 developers New “Graphalgo” variant uses malicious dependencies in legitimate bare-bone projects on PyPI/npm ReversingLabs found ~200 ...

A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. The activity has been ongoing since at ...

Check if there are potential typosquatters on a package you care about. Check if there are potential typosquatters on the most downloaded PyPI packages. Check if packages newly added to PyPI are ...

Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain ...

The Python Software Foundation has rejected a $1.5 million government grant because of anti-DEI requirements imposed by the Trump administration, the nonprofit said in a blog post yesterday. The grant ...