Bleeping Computer

PyPI package 'keep' mistakenly included a password stealer

PyPI packages 'keep,' 'pyanxdns,' 'api-res-py' were found to be containing a backdoor due to the presence of malicious 'request' dependency within some versions. For example, while most versions of ...
Bleeping Computer

Malicious ‘Lolip0p’ PyPi packages install info-stealing malware

A threat actor has uploaded to the PyPI (Python Package Index) repository three malicious packages that carry code to drop info-stealing malware on developers' systems. The malicious packages, ...
Dark Reading

'Revival Hijack' on PyPI Disguises Malware With Legitimate File Names

Security researchers have discovered a simple and troubling way for attackers to distribute malicious payloads via the PyPI package repository. All that the technique involves is re-registering a ...
GIGAZINE

Clearly that PyPI, which manages Python packages, has disclosed user data to the US Department of Justice

Software Foundation (PSF), which operates the Python Package Index (PyPI), a Python package upload platform, was issued three subpoenas from the U.S. Department of Justice in March and April 2023, ...