Bleeping Computer

Malicious PyPi package steals Discord auth tokens from devs

A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication ...
Bleeping Computer

Malicious PyPI package with 37,000 downloads steals AWS keys

A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web ...
CSOonline

Malicious PyPI package targets Chimera users to steal AWS tokens, CI/CD secrets

“Chimera-sandbox-extensions” exploit highlights rising risks of open-source package abuse, prompting calls for stricter ...
Computer Weekly

PyPI loophole puts thousands of packages at risk of compromise

Thousands of applications that have taken advantage of open source Python Package Index (PyPI) software packages may be at risk ...
Infosecurity-magazine.com

New PyPI Package Zlibxjson Steals Discord, Browser Data

A dangerous package has been found on the PyPI repository. Named zlibxjson version 8.2, the malicious package was flagged by ...
How-To Geek via MSN

These 7 Python libraries are useful even if you're not a developer

Every Python developer knows some or all of these libraries, because they’re stable, reliable, and excellent at what they do.